Netgate Discussion Forum

    1 WAN for General use, 1 WAN for paid use

    Routing and Multi WAN
    • Derelict LAYER 8 Netgate

      Your problem is automating the switch config based on whether the person paid or not.  You need some way for the network to distinguish one from the other.

      Like I said, once the traffic is marked in some way it's easy.

      Set up both WAN gateways

      On the LAN interface pass traffic with one characteristic to the first gateway (the gateway selection is down in the advanced section)
      Pass traffic with the other characteristic to the other gateway.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • Reiner030

        This sounds mostly like a special implementation of Captive Portal usage ;)

        • css.josh

          OK, I'll stop speaking in general terms and get more specific.

          The first attachment is a crude network diagram.

          The second attachment is a screen shot of the firewall rules I'm trying out.

          I'm trying to push all traffic from 10.0.0.101 through WAN2 (as a demo "paid user") and then I leave the general rule to allow all other traffic through WAN1…

          To test it out, I have a simple PHP script on a local web server, which simply prints what IP address each computer is using to get out the Gateway… They both seem to still be using the WAN1 IP address?

          Attachments: diagram.jpg, fwrules.jpg

          • Derelict LAYER 8 Netgate

            And what about that isn't working?

            • css.josh

              Again, they both still seem to be using WAN1's IP address… If the one computer were using WAN2, shouldn't it show that IP address?

              • Derelict LAYER 8 Netgate

                Are you sure the APs are APs and not Routing/NAT themselves?

                • Derelict LAYER 8 Netgate

                  How are you routing to the local web server running the PHP script?  If it's behind pfSense with the clients, that rule is never applied.

                  Try www.wimi.com instead.

                  You realize that your NAT AP 1 rule is never applied because the rule above it always matches, right?

                  • css.josh

                    The local web server with the PHP script is not behind the pfSense router.

                    I just removed the NAT rule altogether if you think it was being a problem, but it's still not working.

                    • Derelict LAYER 8 Netgate

                      Something is not as it is being presented then.

                      Set the rule for packets with a 10.0.0.101 source address to log and check the firewall logs.

                      If nothing shows up, do the same with the default any any rule.

                      Check the state table and state summary to see what's being created.

                      • georgeman

                        Flush state table before testing!

                        If it ain't broke, you haven't tampered enough with it

                        • css.josh

                          @Derelict:

                          Something is not as it is being presented then.

                          Set the rule for packets with a 10.0.0.101 source address to log and check the firewall logs.

                          If nothing shows up, do the same with the default any any rule.

                          Check the state table and state summary to see what's being created.

                          After logging it and checking the current traffic graphs, I have confirmed that it is working properly! Thanks!

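A small model of two points raised in the thread: a rule placed below one that always matches is never applied, and the state table should be flushed before retesting. This is an added example, not code from the posters or from pfSense; the `Rule` and `Firewall` classes, the /24 LAN network and the test destination are assumptions.

```python
# Constructed model, not pfSense code: first-match LAN rules with a per-rule
# gateway, plus a state table that pins existing flows to their original gateway.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # CIDR matched against the packet's source address
    gateway: str  # gateway selected when this rule matches

def first_match(rules, src):
    """Return the first rule whose source network contains src, else None."""
    return next((r for r in rules if ip_address(src) in ip_network(r.source)), None)

def shadowed(rules):
    """Names of rules fully covered by an earlier rule, so they never match."""
    return [r.name for i, r in enumerate(rules)
            if any(ip_network(r.source).subnet_of(ip_network(e.source))
                   for e in rules[:i])]

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = {}  # (src, dst) -> gateway chosen when the state was created

    def route(self, src, dst):
        """Gateway for a flow; an existing state wins over the current rules."""
        if (src, dst) not in self.states:
            rule = first_match(self.rules, src)
            if rule is None:
                return None  # no pass rule matched: dropped
            self.states[(src, dst)] = rule.gateway
        return self.states[(src, dst)]

    def flush_states(self):
        self.states.clear()

# Assumed sample rules: 10.0.0.101 is from the thread, the /24 LAN is a guess.
GENERAL = Rule("general", "10.0.0.0/24", "WAN1")
PAID = Rule("paid", "10.0.0.101/32", "WAN2")
TEST_DST = "203.0.113.10"  # documentation address standing in for an outside host

def demo():
    fw = Firewall([GENERAL, PAID])            # general rule on top shadows "paid"
    before = fw.route("10.0.0.101", TEST_DST)
    fw.rules = [PAID, GENERAL]                # reorder: specific rule first
    stale = fw.route("10.0.0.101", TEST_DST)  # old state still pins WAN1
    fw.flush_states()
    after = fw.route("10.0.0.101", TEST_DST)
    return before, stale, after

if __name__ == "__main__":
    print(shadowed([GENERAL, PAID]), demo())
```
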