Netgate Discussion Forum

    2 WANs and 2 LANs

    Routing and Multi WAN
    • cyberlocc

      I need 2 networks, 1 for internal business and a second for our "Hotel Wifi", so I need 2 fully isolated WANs and LANs. Right now both WANs will be DHCP, though that will quickly change, as the internal business needs a static Internet address.

      I have a quad-port Intel NIC and have been trying to set this up, but I keep hitting snags, and when I try to Google different setups for this I hit walls in finding info.

      So is there any way to set this up? I am getting mixed answers and very unclear workarounds.

      So what I have and want.

      My modem is split with a switch into 2 different IPs right now, then it goes to 2 separate routers, though I would like to consolidate to 1 pfSense box.

      I then want WAN 1 tied to LAN 1, with Internal IP range of 192.168.15.X - 192.168.15.X, and then WAN 2 tied to LAN 2 with Internal IP range of 192.168.1.X - 192.168.1.X.

      Is this possible and how can I achieve it?

      • DeLorean

        Is it a problem if the "Hotel Wifi" uses the same WAN address, but on a separate LAN,
        isolated from the "Business"?

        Or is it necessary for both to use different WAN addresses?

        Based on that answer, I can provide you a solution, because there are multiple setups possible
        to achieve what you want.

        Grtz
        DeLorean

        • cyberlocc

          @DeLorean:

          Is it a problem if the "Hotel Wifi" uses the same WAN address, but on a separate LAN,
          isolated from the "Business"?

          Or is it necessary for both to use different WAN addresses?

          Based on that answer, I can provide you a solution, because there are multiple setups possible
          to achieve what you want.

          Grtz
          DeLorean

          Hey, thanks for the fast reply. Yes, it is necessary to have them on different IPs, for a few reasons: security for one, keeping them isolated from my web server, and also we will have a static IP for business and don't want them on that IP as it will be used for auth.

          More so, the way the laws for hotel wifi are set up, they have to be on a completely different IP, or we are liable for any illegal activities they commit (due to us using the same IP; silly, but it is what we are being told).

          I have what I think is almost there: I have 2 LANs set up, with DHCP, and I have 2 WANs both getting their own IPs. When I connect to the second LAN, it shows me the second WAN's IP in traceroute; however, I am having a DNS issue that stops net access.

          I just changed the outbound rules to match up, so WAN 1 is connected to LAN 1, and W2 to L2, and separated LAN 1 and LAN 2 in the firewall rules.

          • starshooter10

            I've been working on a similar setup but with 2 WANs.

            So far I've set up both LAN interfaces, but under Firewall - Rules I changed the gateway and made block rules to keep them separate.

            Disable the guest webUI page (and SSH); you don't want them playing with that device!

            • cyberlocc

              @starshooter10:

              I've been working on a similar setup but with 2 WANs.

              So far I've set up both LAN interfaces, but under Firewall - Rules I changed the gateway and made block rules to keep them separate.

              Disable the guest webUI page (and SSH); you don't want them playing with that device!

              I have 2 WANs as well lol. And I've done everything you have; however, the issue comes when you try to route traffic from LAN 2 to WAN 2. The status monitor for me shows WAN 1 and WAN 2 being used, with traffic only on LAN 1. However, when LAN 2 tries to go through WAN 2, it hits a block and can't see the gateway.

              • Derelict LAYER 8 Netgate

                Just policy route that LAN out WAN2 and be sure it has outbound NAT.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                • cyberlocc

                  @Derelict:

                  Just policy route that LAN out WAN2 and be sure it has outbound NAT.

                  Ya, that is what I was doing; however, I think my issue was that I had the same gateway on both WANs. However, I just got off the phone with the ISP; they are going to give me another static IP, with a separate gateway and subnet, so hopefully that will work now.

                  It's provisioning now, so we will see in a few hours.

                  Do you think I would be better off using a VIP? Since they are both coming from the same modem, I could eliminate a switch in between.

                  • Derelict LAYER 8 Netgate

                    So it is really one service and all you want to do is make one LAN egress out one IP address and the other out another?

                    Yes, a VIP is much easier for that than two different WANs. Especially if it's not really two different WANs.

                    Just get a /29 from them instead and outbound NAT one subnet source out the interface address and the other subnet source out a VIP.

                    • cyberlocc

                      @Derelict:

                      So it is really one service and all you want to do is make one LAN egress out one IP address and the other out another?

                      Yes, a VIP is much easier for that than two different WANs. Especially if it's not really two different WANs.

                      Just get a /29 from them instead and outbound NAT one subnet source out the interface address and the other subnet source out a VIP.

                      Ya, I think that is what I am going to do, especially because then I can have some extra IPs for DMZs. The sales department was closed, so I have to get with them tomorrow; he told me we can provision this for now, and then if you want we can just up it to a /29 tomorrow.

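The setup the thread settles on (one WAN carrying a /29, each LAN source-NATed out a different public address, the two LANs blocked from each other and guests kept off the firewall's webUI and SSH), written as a plain pf.conf fragment. This is an added example, not part of the thread and not rules generated by pfSense; the interface names igb0/igb1/igb2, the 203.0.113.0/29 addresses and the firewall's guest-side address 192.168.1.1 are assumptions.

```pf
# Added example: plain pf.conf (FreeBSD pf syntax), not pfSense-generated rules.
# All names and addresses below are assumptions / constructed values.
wan_if    = "igb0"             # single WAN carrying the /29
biz_if    = "igb1"             # LAN 1, internal business
guest_if  = "igb2"             # LAN 2, "Hotel Wifi"
biz_net   = "192.168.15.0/24"
guest_net = "192.168.1.0/24"
guest_fw  = "192.168.1.1"      # firewall's own address on the guest LAN
guest_vip = "203.0.113.3"      # spare /29 address, configured as an alias on $wan_if

# --- Translation: each LAN egresses from its own public address ---
# ":0" means the interface's primary address only, so the alias is never
# picked for business traffic.
nat on $wan_if inet from $biz_net   to any -> ($wan_if:0)
nat on $wan_if inet from $guest_net to any -> $guest_vip

# --- Filtering ---
block in log all
pass out all keep state

# Guests reach the firewall only for DHCP and DNS ...
pass in quick on $guest_if inet proto udp from any port 68 to any port 67
pass in quick on $guest_if inet proto { tcp, udp } from $guest_net to $guest_fw port 53
# ... and nothing else on it (webUI, SSH), nor the business LAN.
block in quick on $guest_if inet from any to self
block in quick on $guest_if inet from any to $biz_net
pass in quick on $guest_if inet from $guest_net to any keep state

# Business LAN: no path into the guest LAN, Internet allowed.
block in quick on $biz_if inet from any to $guest_net
pass in quick on $biz_if inet from $biz_net to any keep state

# Two-real-WANs variant from earlier in the thread: keep the rules above
# and policy-route the guest pass rule out the second WAN instead, e.g.
#   pass in quick on $guest_if route-to ($wan2_if $wan2_gw) inet \
#       from $guest_net to any keep state
# plus a matching "nat on $wan2_if" rule for $guest_net.
```

On a plain FreeBSD host, `pfctl -nf <file>` parses a ruleset like this without loading it; in pfSense the same pieces are entered through the GUI rather than by editing pf.conf.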
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.