Routing thru opt1

  • ISP3  ISP1                                        ISP2
     |     |                                           |
     |    WAN (static from ISP1)                      WAN (static ip from ISP2)
     |     |                                           |
     |-> PFSENSE <--> OPT1 <----------------> LAN <--> PFSENSE
         FOR CLIENTS                          | |      ROUTING BOX
            |                                 | |
         LAN CLIENTS (DHCP)                   | |-> WEBSERVER1 (static ip from ISP2)
            |                                 |
         VIDEO SURVEILLANCE                   |-> WEBSERVER2 (static ip from ISP2)

    For the routing box I have 16 public IPs from ISP2.

    This is my routing scheme:
    I have 3 ISPs (two for the pfSense clients box and one for the WEBSERVERS).
    I have policy routing for clients, e.g. HTTP goes thru ISP1, ETC goes thru ISP2 and ETC goes thru ISP3,
    and everything goes well. I also have load balancing and failover between these three ISPs.

    My problem is that somewhere in my LAN CLIENTS I have a VIDEO SURVEILLANCE SERVER, and for that one
    I want to make a special rule to route thru LAN CLIENTS -----> PFSENSE FOR CLIENTS -----> OPT1 -----> LAN OF PFSENSE ROUTING BOX
    -----> and finally to ISP2. It was easy to make firewall rules for that, but my problem is that for this surveillance system
    I want to use one of the public IPs from ISP2, and I tried a lot of configurations but none of them worked. Attention: for my LAN CLIENTS I have DHCP enabled, and for the SURVEILLANCE SYSTEM I want to use a different IP (one of the public IPs from ISP2),
    for example LAN is and VIDEO SURVEILLANCE 94.53.. !!!

    Any suggestions??? At least a starting point?

  • It seems that I have no answer.

    I will post again what I need in a simple way:

                                               WAN 100Mb/s
                                              | PFSENSE |
      20Mb/s     20Mb/s     20MB/s            | ROUTER  |
       WAN        WAN1       WAN2             |_________|
        |          |          |                   LAN
        |          |          |                    |
        |          |          |                   WAN3
    |   PFSENSE BOX                                    |
    |   DHCP ON LAN                                    |
    |   CAPTIVE PORTAL ON LAN                          |
    |   LOAD BALANCING                                 |
    |   FAILOVER                                       |
    |   POLICY BASED RULES ON LAN                      |
                      LAN NET
                      IP CAMS

    Everything goes well except that I don't know how to route the VIDEO SURVEILLANCE thru the 100Mb/s connection.
    I need to give the SURVEILLANCE SYS. one public IP that belongs to the 100Mb/s WAN, but my LAN net has a different subnet.


    First of all, my PFSENSE BOX has only 5 NICs including the onboard one (not possible to add one more, the system has only 4 PCI slots).

    First move was to exclude the PFSENSE ROUTER and put its WAN IP on WAN3 of my PFSENSE BOX, as shown in the graphic. Now I have one box with WAN1, WAN2, WAN3, WAN4 and one LAN.

    Next move was to add one more subnet on my LAN, and I did that from the shell: ifconfig fxp0 IP netmask subnet alias (tutorial available **HERE**). Now I have two subnets with different IPs with the same gateway, in my case LAN.
    With some rules on LAN to route every subnet in the desired direction, all is fixed and working well.
    Because the purpose was to route some public IPs, I also used manual outbound NAT for these.
    And finally, with only one PFBOX I can control all that I need (WEBSERVERS, SURVEILLANCE SYSTEM, DHCP CLIENTS, ETC).

    BTW I have tested 2.0 ALPHA and its new features are awesome. I'm waiting for it, because for the moment I saw some things that need attention and of course a lot of work.

  • very nice post, sure it will be useful in the future :)

  • For around 200$ you could get a Gb NIC and an HP1800-8G VLAN switch. For security reasons it would be better IMO.

  • I have VLAN-capable switches from Asus but I didn't want VLANs.
