Pfsense as a router and default gateway with multiwan
-
My goal is to pass traffic ONLY from devices included in aliases… (partly rubbed out)
I don't use the DHCP server on pfSense. I would like to block all traffic except the aliases. I guess there is something wrong in that policy, because when I set a static IP, there is Internet on it (even if the IP is not in the aliases list).
What rules should I use? -
If you remove that last "pass all" rule, then (assuming there are no other rules like that) you will be just passing the things specified in the various aliases used in rules. If someone sets their IP address to one that is passed, they get internet. Set it to some other IP, then it will be blocked by the unseen default block rule (or whatever other block rule that might match before that). You really need to first know exactly what you want blocked and passed, then look through your rule list from top to bottom, think through what IP addresses are in which alias and make rules in order that will have the effect you want.
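
The rule evaluation described in the reply above, as an added example that is not part of the original thread: a first-match evaluator with an implicit default block, used to list source addresses that are in no alias but are still passed. The alias contents and probe addresses are constructed, and the helper names are hypothetical; only the alias names newCustomer and subnets_inf and the gateway name MultiWAN come from the thread.

```python
import ipaddress

# Constructed sample data: the addresses inside each alias are hypothetical.
ALIASES = {
    "newCustomer": ["192.168.10.20", "192.168.10.21"],
    "subnets_inf": ["10.10.0.0/24"],
}

def alias_networks(name):
    """Expand an alias into ip_network objects ('any' matches every IPv4 source)."""
    if name == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [ipaddress.ip_network(entry) for entry in ALIASES[name]]

def evaluate(rules, src_ip):
    """Return (action, description) of the first rule whose source matches.

    Rules are checked top to bottom and the first match wins; if nothing
    matches, the implicit default block applies.
    """
    addr = ipaddress.ip_address(src_ip)
    for action, source, descr in rules:
        if any(addr in net for net in alias_networks(source)):
            return action, descr
    return "block", "implicit default block"

def unlisted_sources_passed(rules, candidates):
    """Audit helper: sources that are in no alias but still get passed."""
    listed = [net for name in ALIASES for net in alias_networks(name)]
    leaks = []
    for ip in candidates:
        in_alias = any(ipaddress.ip_address(ip) in net for net in listed)
        action, descr = evaluate(rules, ip)
        if action == "pass" and not in_alias:
            leaks.append((ip, descr))
    return leaks

# Rule list as described in the thread: alias rules followed by a final pass-all.
RULES_WITH_PASS_ALL = [
    ("pass", "subnets_inf", "infrastructure subnets"),
    ("pass", "newCustomer", "newCustomer via MultiWAN"),
    ("pass", "any", "pass all"),
]
RULES_ALIAS_ONLY = RULES_WITH_PASS_ALL[:-1]  # same list with pass-all removed

if __name__ == "__main__":
    probes = ["192.168.10.20", "192.168.10.99", "10.10.0.5"]
    print(unlisted_sources_passed(RULES_WITH_PASS_ALL, probes))
    print(unlisted_sources_passed(RULES_ALIAS_ONLY, probes))
```
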
-
To easily modify the network policy, I would like to only add a new rule with an alias, for example 'newCustomer', like in my pictures above.
In that line I have the IP or IPs of the newCustomer devices (included in the alias newCustomer), set the default gateway to 'MultiWAN', and set the limiters newCustomerUP and newCustomerDown to specify bandwidth.
For every single customer I would like to create that kind of rule to define a different UP/DOWN speed (I add 2 limiters for every alias in my network).
Is there any other way to do that? Is it possible that the limiters are slowing down traffic between local routers? -
Hello phil.davis!
Can you help me understand one more thing?
I followed your instructions and it works! But I can't understand what is going on with traffic balancing.
I have 2 PPPoE WANs, 80/8Mbit vDSL2, and basically only one of them works (attached).
Is this normal behaviour? I have checked 'use sticky connections'.
Best regards
bp
![PFSense multiWAN 01.png](/public/imported_attachments/1/PFSense multiWAN 01.png)
![PFSense multiWAN 02.png](/public/imported_attachments/1/PFSense multiWAN 02.png)
![PFSense multiWAN 03.png](/public/imported_attachments/1/PFSense multiWAN 03.png)
![PFSense multiWAN 04.png](/public/imported_attachments/1/PFSense multiWAN 04.png)
-
The load balancing is random. So if you have just 1 client doing a big download, then that will go on 1 of the links and you will see the graph like this. But if you have many clients doing things, then it should usually average out to use both links about equally (with each gateway weight 1, like you have).
The general pass rule on every LANn needs to specify gateway MultiWAN. Maybe there are some rules on your LAN/s that are matching traffic but not specifying gateway MultiWAN? -
The thing is that I have many users behind routers (without NAT).
My LAN rules look like this (attached):
subnets_inf - aliases with my network subnets; the rest are a single rule row for each alias - client
Have you any idea?
![PFSense multiWAN 05.png](/public/imported_attachments/1/PFSense multiWAN 05.png)
-
On those rules for the individuals to any - "beep", "AdamekIrena"… - you need to have gateway MultiWAN selected (in the advanced section of the rule page) - that will show in the Gateway column. I can't see that in the screen shot because the alias popup box is covering it.
-
Yes, I have it
For every single rule - gateway as multiwan and in/out pointed… -
That should work - but I haven't really looked hard on my systems to see if a limiter (In/Out) and load-balanced gateway group works together as it should. (The devices I have on limiters are in failover gateway groups, so they only get fed to 1 gateway at a time.) I will try the load-balanced gateway limiter combination at work tomorrow.
You could see if the limiter is causing a problem - take the limiter off a rule and see if the corresponding subnet starts to load-balance.
Can anyone else confirm if this combination works for them? -
When I uncheck 'use sticky connections', both WANs are used and the transfer is about 50/50, so that is good, but I have to use 'sticky connections' so that HTTPS connections are not dropped. Or is there any other way?