Firewall/MultiWAN with DSL and Cable failover/load balancing

  • Firewall/MultiWAN with DSL and Cable failover/load balancing

    Sorry to be tedious and repetitive, but I have exhausted my abilities to understand this setup from info gleaned online.  I thank you in advance for any tips or advice.

    I have been working primarily with a document on the pfsense wiki MultiWanVersion1.2.  I have been using Smoothwall for a while and I've gone through about 3-4 installs and I more or less understand how it works, but I'm a bit confused about this multiWAN setup in pfSense.  When this is all done, and if it works, I'll be glad to amend, or add another article for the less technical among us.

    The goal:  Use my standard DSL connection from Speakeasy/Covad (WAN1) and add Comcast (WAN2) as a failover/load balancing setup.  I run a personal website (FTP, Internet Radio, RDC, etc) for me and friends and sometimes for work so I need to access from outside; obviously on my DSL.  I am mainly doing this to minimize downtime and hopefully increase some bandwidth heavy operations.

    I am still confused about bridged mode/router mode, but as I understand it, in bridged mode I'll use the fixed IP that my ISP gave me, and in router mode I'll have an internal address on the inside of the modem (like  I think I'll be setting my DSL in Bridged mode (Static settings) and my Cable in Router mode (DHCP settings?).  I would expect to see settings for Type = Static or Dynamic.

    I would like to maintain the internal DHCP server from the LAN NIC to so I won't have to change all my internal PCs from what I'm using with Smoothwall.  I'm using just to go along with the default documentation.

    So some questions:

    1. Is this right?
    DSL = Fixed IP = Bridged mode = Static
    Cable = Dynamic IP = Router mode = DHCP

    2. The article implies that I need to change my modems (DSL - Broadxent 8012-V1, Motorola Surfboard SB5101) to work in router mode, but I'm not convinced I can, or should.  What's best?

    3. When running the setup wizard, the general parameters page asks for Primary and secondary DNS servers.  It says I should get this from a DNS address list from WAN1 or WAN2 DNS list.  Where do I get these lists?  I see something in my WAN1 info from the Status > Interfaces list but I don't see that for my WAN2 status.  (a bit awkward to have to know this in the initial "setup wizard").  I think that this is to indicate a DNS that is used by the load balancing mechanism to detect an outage.

    Because I don't see a Comcast DNS server in anything I have, I found a reference online (  What should I be using?

    4. In the same section, there is also a reference to a checkbox 'Allow DNS server list to be overridden by DHCP/PPP on WAN' but I don't have this checkbox in version 1.2.

    5. Typically, I think I only need DHCP on my LAN connection for my non-dedicated PCs (I have fixed IPs for my IIS server, etc.).  Why DHCP on my WAN2 (perhaps this is answered above)?

    Here are the settings I think are critical:
    Static IP configuration:
    IP address: 69.17.44.nnn

    DHCP IP configuration
    Bridge with: none 
    IP address: ?
    Gateway: ?


    built on Sun Feb 24 17:04:58 EST 2008

    Here's what I have from Status > Interfaces [my comments in square brackets]

    WAN interface (fxp1) [Static - Broadxent 8012-V1 from Speakeasy]
    Status up 
    MAC address 00:00:00:00:00:6c 
    IP address 69.17.44.nnn   
    Subnet mask 
    ISP DNS servers [detected by pfsense?] [detected by pfsense?] [detected by pfsense?] [what I use on smoothwall; provided by speakeasy] [what I use on smoothwall; provided by speakeasy]
    Media 100baseTX <full-duplex>
    In/out packets 7950/7017 (723 KB/1.39 MB) 
    In/out errors 0/0 
    Collisions 0

    LAN interface (fxp0) 
    Status up 
    MAC address 00:00:00:00:00:aa 
    IP address [currently using 1.1 just to go along with wiki doc, but want 0.1]
    Subnet mask 
    Media 100baseTX <full-duplex>
    In/out packets 9213/7867 (1.35 MB/3.62 MB) 
    In/out errors 0/0 
    Collisions 0

    WAN2 interface (xl0) [Motorola Surfboard SB5101 from Comcast]

    [if I set this up as DHCP]
    Status up 
    DHCP up   
    MAC address 00:00:00:00:00:c9 
    IP address 
    Subnet mask 
    Gateway 
    Media 100baseTX <full-duplex>
    In/out packets 655332/35434 (41.79 MB/3.32 MB) 
    In/out errors 0/0 
    Collisions 0

    [if I set it up as static]
    Status up 
    MAC address 00:10:5a:e4:9c:c9 
    IP address 
    Subnet mask 
    Media 100baseTX <full-duplex>
    In/out packets 198691/36068 (13.21 MB/6.78 MB) 
    In/out errors 0/0 
    Collisions 0

    found this info on the Internet about DNS for Comcast: Comcast (national) Primary DNS Server. Comcast Secondary DNS Server.

  • found this info on the Internet about DNS for Comcast: Comcast (national) Primary DNS Server. Comcast Secondary DNS Server.

    If they answer to ping you can use them.

  • Thanks Perry,

    What I found is that these are indeed pingable from the command window, but when I ping from WAN2 from within the software (), nothing seems to work.

    Still trying to understand what settings to use for my home version of Comcast.  Right now I've got it running as Static with IP address defined in the OPT1/Wan2 setup as and the Gateway as 24,130.243.53, or, or what shows up on the Status/Interfaces…  Nothing seems to make it look like it's working.

    Current big question:  What is the preferred setup for Comcast (home service) Static or DHCP and what IP and Gateway should be used?


  • I don't have Comcast, but what I do is:
    On my wag200 modem I can set an IP to DMZ. In my case I use
    On wan2 nic I then set it to static gateway
    As monitor IPs under load balancer I use my ISP DNS servers.
    To test, use Diagnostics -> Traceroute and enter IP of the ISP DNS and you should see traffic being routed out the correct way.

    OPT1/Wan2 setup as and the Gateway as 24,130.243.53, or,

    If I should guess is your gateway.  If a DHCP range is set on your modem, select an IP outside of it. Maybe

    As an alternative test of your Comcast modem, you could boot from an Ubuntu livecd to see if it works.

  • Perry,
    Based on your notes I tried the settings that the modem seems to have by default (I see no way to set the IP addresses) (as the gateway) and a value, probably outside its assignment range of for the IP.  Sadly it did not work.

    For my Comcast modem SB5101 (home account):
    I see that it can be accessed when connected to directly at:  I can see some stats in a web interface, but it has no options for changing anything AND I see no indication about what mode it is in.

    Apparently it seems that the SB5101 is a DHCP server for a short time when it is booting and if it fails to connect.  After that it retrieves what I think is a random IP address and it seems, so far, that the gateway value is consistently,

    This is what I see in Status > Interfaces menu:
    OPT1/WAN2 in DHCP Mode,
    Status up 
    DHCP up   
    MAC address 00:10:5a:e4:9c:c9 
    IP address 
    Subnet mask 
    Gateway 
    [dns servers are unknown although I've found references online]

    The next step is to find a way to enter the correct values for the Comcast modem so that it can ping an appropriate DNS server.

    Questions for OPT1 setup:

    1. Static or DHCP?

    2. As there are no other meaningful settings for DHCP, if I select Static what should be the values for (options seem to be):

    For IP address:

    For Gateway:

    For DNS Servers (to go into System > General Setup menu as DNS 2)

    None of these so far pingable from OPT1/WAN2.


  • You should really try a livecd to make sure your connection works

    1. Static or DHCP?

