Dual WAN, adding OPT2 for wireless/dual LAN ?

Valhalla1 · Apr 20, 2008, 3:28 PM

I've got a working dual wan -> one lan setup with pfsense.

I'd like to add an OPT2 interface, and string a linksys wireless router to that, and have wireless clients on a seperate subnet, but accessing the net through the pfsense loadbalance

currently, the dsl modem is acting as wireless access point, which is in front of pfsense on my network and thus can't take advantage of loadbalance or services on pfsense. In the diagram below wireless clients are currently on 192.168.2.x and not affected by pfsense

so I created the OPT2, plugged in the linksys.. it wants to NAT yet another subnet behind it, too. devices are assigned IP's by the linksys when connected but can't get out to the internet. I'm not sure what kind of rules or NAT setup on pfsense I'll need to setup OPT2 to get online but firewalled off the LAN


       		         WAN CABLE DHCP                LAN  192.168.1.1---192.168.1.xxx
		 		                      \		           / 
 		 		                          - PFSENSE - 
				                       /		       \ 
   OPT1 DSL 192.168.2.1--192.168.2.2 		            OPT2 192.168.3.1 --- Linksys AP 192.168.3.2  ~ ~ ~ 192.168.3.x wireless clients

the only rule I've currently made is to PASS TCP source * dest * on OPT2, gateway LoadBalance

but that didn't allow internet access from a pc 192.168.3.100 plugged into the linksys

Valhalla1 · Apr 14, 2008, 7:01 AM

and I suppose the proper method is to slap a wireless card in the pfsense box, but pfsense is on specialized hardware and thats not possible at the moment, so I decided to instead string a linksys wireless access point off a spare pfsense ethernet port

Perry · Apr 14, 2008, 7:05 AM

http://forum.pfsense.org/index.php/topic,8814.msg49609.html#msg49609

Valhalla1 · Apr 14, 2008, 7:21 AM

@Perry:

http://forum.pfsense.org/index.php/topic,8814.msg49609.html#msg49609

I'm not sure I follow.. that looks like he's pointing all traffic to a specific WAN, I'd like my OPT2 traffic to get loadbalanced

I guess I need some static routes and firewall rules but I'm not quite sure exactly how to set them yet.. I tried following your linked post, but changing it to 'load balance' but I dunno, this is what I have for now
also no static routes yet.. when I click add, it looks like it wants a network address /32 what do I put there for a single IP (isp's dns server ip)
I guess I need one static route for WAN's dns and one for OPT1's dsn for loadbalancing to work?

Valhalla1 · Apr 14, 2008, 7:43 AM

ok per this post
http://forum.pfsense.org/index.php/topic,5686.0.html

I changed it so instead of pfsense plugged into linksys's external port, I've plugged it into just a regular switch port and enabled DHCP on OPT2. machines plugged into linksys switch ports (and I assume wireless clients, havent tested yet) get IP's in 192.168.3.x from pfsense but can't access internet

hoba · Apr 14, 2008, 10:15 AM

That first rule on your opt2-interface doesn't make sense at all. Delete it.

Perry · Apr 14, 2008, 10:33 AM

That first rule on your opt2-interface doesn't make sense at all. Delete it.

It is used to get to the DNS Forwarder, though the gateway prolly should be *

In a multiwan setup where you have more than 1 lan interface and need loadbalance or wan2 access it combined with static routes is needed to resolve DNS.

hoba · Apr 14, 2008, 10:34 AM

Yep the gateway is wrong in that rule. Sorry, not enough sleep tonight ;)

Valhalla1 · Apr 18, 2008, 12:06 AM

thanks.. changed the rules to have gateway * and added static routes to WAN and OPT1 DNS servers and I can get online now from OPT2 subnet, through WAN only of course.. going to fiddle with it and see if I can get OPT2 to use the LoadBalance instead of only WAN