Configure pfsense with 4 nic card where 3 nic card will use for ISP
-
KOM and Phil Thanks for reply !!!!!
I am trying to configure but can you guys please help me out with creating gateway group and writing rules for these group or other person who has good idea about this.
–
Regards,
Ashwani Kumat -
I've never tried it as I have only ever had one WAN to play with.
-
System->Routing, Groups tab. Add a group. Make all the WANs Tier1 to make a load-balanced group, or set an order of tiers if you want to have some traffic use a particular WAN and failover over to other/s.
Firewall->Rules, LAN.
Add rule/s above the pass all rule.
For traffic you want to load-balance (e.g. all traffic to HTTP/HTTPS ports), put a rule to pass source LANnet, destination any IP and ports HTTP, HTTPS. Select the load-balance gateway group in the advanced section.
For traffic you want to failover (e.g. to mail server/s) put a rule to pass source LANnet, destination any IP, ports (a list of mail server ports 25…). Select the failover gateway group.You have to first define yourself where you want the traffic to go on the various WANs, then you can design an implementation of gateway groups and rules to achieve it.
-
Take note of your gateway monitoring since most cable connections coming out of the modem are already translated unless you're in bridge mode. Failover rules might not work properly.
-
also: don't loadbalance https.
plenty https sites get broken if they get a different source-ip every other time. -
My question is: adding the second, third, etc. WAN, how can I force pfSense to apply the same WAN firewall rules to the other WAN(s)?
-
you could create interface groups and apply firewall rules on the group instead of the individual interfaces.
(interfaces–>assign-->interface groups) -
Isn't simpler to just tell pfSense "this is another WAN interface; please, setup firewall rules accordingly"?
Or, just creating another WAN (aka, another interface with no rules in it, except for Bogon ones) is sufficient?
-
pfsense doesn't have WAN-interfaces …. it just has interfaces. In other words, there is (currently) no system in place to distinguish a use-case between interfaces. (any interface can be a wan or lan or tunnel or .....)
everything can be changed offcourse, but i don't know if anyone would want to. -
Are you still facing the issue? If so, then try visa card generator with money available online. You can try it I hope it might help you.
-
If you want to buy aws without your free credit card on amazon then i suggest you to try real credit card generator.
