Replicating multi-DDWRT routers into one PFSense box
-
Hello everyone!
I've recently set up a PFSense box given that my current routers are nearing the end of their service lives. Unfortunately, being a long-time DDWRT user, all that I have accomplished to do with the initial PFSense setup is to configure 2 WANs and 1 LAN interface. I've been reading for the past 24 hours from various sources but I can't seem to get how to configure very specific routes, NATs and rules that would replicate my old setup for a seamless transition.
For reference, please refer to Old setup.png
I am not interested in load-balancing and fail-overs. In fact, what is important to me now is how I can assign virtual IPs to both WANs so that they can act as separate gateways–similar to my previous setup--including a proxy server for my second WAN to accommodate all browsing traffic, and for all DHCP clients to use my second WAN as their default gateway.
Of course, caching through either WAN would be required, but not as immediately as this. Kindly refer to Phase 1 target. If you have a better suggestion than my plan, please let me know.
Once I am able to acquire a four-port LAN card, I will remove the final DDWRT router. See Phase 2 target. Caching this interface would also be required.
Finally, once my 4G connection comes in, I will connect it to PFSense via USB where it will act as a backup when my wired connections (ISP 1 and 3) go down, while still ensuring separate connections for gaming and browsing. See Final target.
I hope the inclusion of the images would better communicate what I am trying to do as I am not only very frustrated that I can't grasp the idea of PFSense configs but I am also very tired from all the reading and experimenting. If you could let me know if either of my plans are impossible or if there are other, more efficient ways of accomplishing this, it would be highly appreciated if you could point me to the right direction.
![Old setup.png](/public/imported_attachments/1/Old setup.png)
![Old setup.png_thumb](/public/imported_attachments/1/Old setup.png_thumb)
![Phase 1 target.png](/public/imported_attachments/1/Phase 1 target.png)
![Phase 1 target.png_thumb](/public/imported_attachments/1/Phase 1 target.png_thumb)
![Phase 2 target.png](/public/imported_attachments/1/Phase 2 target.png)
![Phase 2 target.png_thumb](/public/imported_attachments/1/Phase 2 target.png_thumb)
![Final target.png](/public/imported_attachments/1/Final target.png)
![Final target.png_thumb](/public/imported_attachments/1/Final target.png_thumb) -
Are all ISPs different ISPs with unique gateways?
There are several ways to do this, some better than others. I'll take a shot at it, I'm sure smarter people will opine improvements.
You'll want to create a gateway group and tier the connections. You may need to create a floating rule to pass port 80 out different gateways to support the web browsing failover. Avoid USB networking if you can.
I'll write something more through once I get off this iPad.
-
Thank you, Tim. Hopefully my sample situation below can further clarify my end goals:
Current situation (please refer to old setup.png in original post):
PC 1 is playing a Online Game 1. The computer has a static IP which uses ISP 1 as the default gateway of Windows. Meanwhile, the user is also streaming videos and downloading huge files through Chrome. It doesn't affect the latency of ISP 1 since it is using ISP 2 through a proxy server. User then decides he wants to end his current game and play Online Game 2. This game has high latency when ISP 1 is used, so user runs a vbs script prior to running it that changes Windows' default gateway to ISP 3. Connection to ISP 2 via proxy server via Chrome is unaffected, so user can keep downloading without affecting his latency for Online Game 2.
This behavior is replicated among all computers with a static IP, effectively diverting all traffic that uses the proxy server away from ISP 1 and 3 and keeps them using ISP 2.
Meanwhile, a DHCP client connects. He gets assigned to the ISP 2 gateway. All traffic from DHCP client goes through ISP 2.
This is the behavior accomplished by 3 DDWRT routers which I wish to replicate in PFSense. No fail-overs, no load-balancing. It might be a dirty situation for some but since I don't have networking certifications (and it works as I envisioned it), it is something I would like to stick to. It makes it quite easy for the end-user to choose his connection and game without crippling his ability to download.
There are already guides posted on the net regarding similar setups, but those I've seen do not involve three ISPs where user can choose his Windows gateway. I have yet to figure out how to assign three IPs for each of the gateways for my ISPs.
I wish to confirm if this would be possible along with the caching feature of a PFSense package Squid. I'm currently beginning to understand static routes but I think I'm still a long way from that Eureka moment.
-
If you know the ports that each game uses and which PC they are coming from, you can use policy-based routing in pfSense to program the routes and be done with it. Then DHCP users would have GW2 assigned to them via the DHCP server.
Not too difficult. It does take away from the users the ability to pick their own gateways, but it makes the whole thing simpler, IMHO. No need for a static route.
See attachment for a very simple example of this. I have a computer on LAN that I want to route out the WAN2 gateway. So I created a rule that says all traffic from that server should go out through that particular gateway. I could say, for example, route all traffic from port 80 out that gateway so web queries go through that gateway. You'd do something similar for the PC with static IP addresses for the protocols/ports they're using. Essentially, "if it comes from X and is going out port Y, route to gateway Z".
![Screen Shot 2015-08-13 at 12.08.21 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-13 at 12.08.21 AM.png)
![Screen Shot 2015-08-13 at 12.08.21 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-08-13 at 12.08.21 AM.png_thumb) -
NetSetMan
Is a IP address, Subnet and Gateway changer for MS Windows. -
@tim
So essentially I wouldn't need the proxy server for ISP2 to route my http traffic through? I just capture all port 80/443 traffic and route through GW2? I'll keep reading up on this. :)Unfortunately, with regard to the games, in situations where either ISP is experiencing latency issues, I would like the client pc to be able to set his own gateway based on his preference.
I guess aside from the question above, my next is how do I assign an IP address for ISP 1/3 so that changing the gateway of a client pc would divert non-port 80/443 traffic to it? Example, changing the gateway IP of PC1 to 192.168.1.252 would use ISP 1, changing it to .253 would change to ISP 3?
@blue
Yes, that was advised to me before. I didn't like its issues with admin privileges. Besides, a vbs script is much simpler than installing a program. :) And my IP issues concern the pfsense gateways. The clients have no problem for as long as I can get the box functioning similarly to my triple-ddwrt setup. -
I guess aside from the question above, my next is how do I assign an IP address for ISP 1/3 so that changing the gateway of a client pc would divert non-port 80/443 traffic to it? Example, changing the gateway IP of PC1 to 192.168.1.252 would use ISP 1, changing it to .253 would change to ISP 3?
You can't. The client machines will only see one gateway, pfSense. Only pfSense will see the additional gateways, and it would manage the connections to those gateways.
If you used load balancing, which would be the best approach IMHO, the only challenge would be traffic being redirected over a different gateway mid-game. My guess is that you'd probably get disconnected from the game.
-
In normal he should be able to set up three WAN ports and for each WAN Port one Gateway, and this would be
set up in every computer as he need it right for his gaming, changing by a script or however, this would be
running for sure, without all load balancing and fail over set ups, but this is tiny what an admin guy will never
set up in normal, but if it is really helping you out in this situation you can try it out! If not MikroTik RouterOS
is able to do so and you should perhaps give this a try out. -
Okay I think I lost you guys. Tim says I can't assign separate gateway IPs for each ISP, which based on my goal of replicating my current setup will then mean I can't proceed unless I go the route of similar multi-wan setups using PFSense. Which isn't something I'm prepared to do. Yes, I'm a little stubborn. :)
However, if what Frank is saying is true, then how do I proceed with that? I think if I can get that started, I can start applying what I have read so far along with the help Tim has earlier provided.
Backup scenario I'm thinking of for my setup is running a VM Server with 3 DDWRT appliances. Yes, it's dirty. That's why I'm trying to get with the times and learn PFSense. I'm hopeful it could be done.