Netgate Discussion Forum

    Multi-WAN Routing NAT problem

      vrugaitis

      Hello,

      I am using the pfSense 2.3.4 version on a Fujitsu RX 100 S6. I have attached another network card to have 4 NICs on the Fujitsu server. I also have two physical WANs and a FortiGate 60d Firewall that I have to integrate into the system. The FortiGate 60d is a firewall for a connection to another company. The FortiGate does not tunnel the internet connection and that is why I have to input 3 NICs to the router (1 NIC for WAN 1, 1 NIC for WAN 2 and 1 NIC for the VPN).

      Network map

                      WAN                     WAN
                       :                       :
                       : DSL                   : DSL
                       :                       :
                   .---+---.                .--+--.
             WAN 1 |  DSL  |     Modems     | DSL | WAN 2
                   '---+---'                '--+--'
                       |                       |
              Ethernet |                       | Ethernet 
                       |                       |
                  .----+----.             .----+----. 192.168.78.1/24   .----+----------.
                  | Router1 |    Router   | Router2 +-------------------+ FortiGate 60d |
                  '----+----'             '----+----'                   '----+----------'
                       |                       |                             | 192.168.78.25/24
                       |                       |                             |
                       |                       |                             |
                       |                       |                             |
                       |                       |                             |
                       |                       |                             |
        192.168.0.1/24 |                       | 192.168.78.1/24             |
                       |                  .---------.                        |
                       +------------------| pfSense |------------------------+
              192.168.0.80/24             '----+----' 192.168.78.50/24
                                               |
                                           LAN | 10.0.0.1/24
                                               | 
                                         .-----+------.
                                         | LAN-Switch |
                                         '-----+------'
                                               |
                                       ...-----+-----...
                                       (Clients/Servers)
      

      What I am trying to achieve.

      • WAN 1 and WAN 2 load balancing - works already as expected. I have followed the following tutorial, but I had to make a small change to be able to utilize both WANs. Otherwise, during speed tests I could see that only one of the two NICs was used. So I had to delete the rules for Link Failover (step 7) and then both interfaces were used in parallel.

      • Integrate the FortiGate 60d firewall. The firewall enables us to connect to some resources of another company. Those resources are reachable under the IP subnet 94.0.0.0/8. There is also a pingable DNS server of the other company located at 94.41.32.23.

      What I have done.

      • Set up 3 interfaces for those 3 NICs

      • Load Balancing for WAN 1 and WAN 2

      • DNS Server of the other company - to be able to resolve the foreign resources

      • Static Route for the subnet of the foreign company

      • DHCP server for the local clients on LAN

      The current status.

      • Routing, DNS, DHCP work fine for the clients (10.x subnet). The clients connect to the internet via both WANs

      • Regarding the firewall of the foreign company: on the pfSense I can resolve URLs to the right addresses. So, on the pfSense the DNS works already. But if I try to telnet {specific_another_companys_url} 443, I can connect to the foreign server, but if I try to get the index page of the server GET /, the connection is immediately closed. I think that my request goes correctly out to the foreign server (because of the static route), but the response to the pfSense is wrong, because some NAT rules or something else is missing.

      I appreciate any help or tips!

      Kind regards,
      vrugaitis

        vrugaitis

        Hello,

        I have managed to resolve the issue myself.

        For those who stumble upon a similar situation, I only had to define a LAN rule to send all traffic with the destination 94.0.0.0/8 through the VPN gateway.

        Kind regards,
        vrugaitis
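
The fix described above, as an added example that is not part of the original posts: pfSense evaluates the rules on an interface top-down with the first match winning, and a rule that has a gateway set policy-routes the traffic regardless of static routes. The small model below checks which gateway LAN traffic to 94.0.0.0/8 would take before and after the extra rule. The rule names, gateway labels, rule order and the client address 10.0.0.20 are assumptions; only the subnets and the DNS server address come from the thread.

```python
import ipaddress

# Constructed model of the LAN ruleset; only the subnets are taken from the thread.
LAN_NET = ipaddress.ip_network("10.0.0.0/24")
PARTNER_NET = ipaddress.ip_network("94.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical rule records: a pass rule on LAN with a gateway (policy routing).
BALANCE_RULE = {"name": "LAN to any via WAN1+WAN2 group",
                "src": LAN_NET, "dst": ANY, "gateway": "WAN_LOADBALANCE"}
VPN_RULE = {"name": "LAN to partner via FortiGate",
            "src": LAN_NET, "dst": PARTNER_NET, "gateway": "VPN_GW"}

# Constructed probe destinations: the partner DNS server and one internet host.
PROBES = ["94.41.32.23", "8.8.8.8"]


def egress_gateway(rules, src, dst):
    """Gateway chosen by the first matching rule, or None if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule["src"] and d in rule["dst"]:
            return rule["gateway"]
    return None  # no pass rule matched, traffic is dropped


def misrouted(rules, src, probes):
    """Partner-bound destinations that would leave through a non-VPN gateway."""
    found = []
    for dst in probes:
        gw = egress_gateway(rules, src, dst)
        if ipaddress.ip_address(dst) in PARTNER_NET and gw not in (None, "VPN_GW"):
            found.append((dst, gw))
    return found


if __name__ == "__main__":
    client = "10.0.0.20"
    for label, rules in (("before fix", [BALANCE_RULE]),
                         ("fix, wrong order", [BALANCE_RULE, VPN_RULE]),
                         ("fix, VPN rule first", [VPN_RULE, BALANCE_RULE])):
        print(label, "->", misrouted(rules, client, PROBES) or "no partner traffic on WAN")
```

The middle case shows why the new rule has to sit above the load-balancing rule: placed below it, the rule never matches and partner-bound traffic still leaves over the internet uplinks.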
