Need some help with dual-wan



  • Hi guys, I hope I will be able to receive some precious advice here on how this should be done to overcome my difficulties/utilize what I have.

    Currently, I have 1 fibre connection that's 200Mbps downlink and 8Mbps uplink, and 1 LTE connection that is 100Mbps downlink, 50Mbps uplink; both have dynamic IP addresses. With help from pfSense, I was able to get a 300Mbps downlink and 50Mbps uplink connection speed; however, my problem comes with the IP addresses. Am I able to do manual NAT and NAT traffic only on one WAN interface instead, so I get a more stable IP address? At the moment, it randomly jumps from 1 IP address to another, which is affecting many things.



  • Is anyone able to share whether it is possible to have only 1 IP showing instead of it rotating through all of them?



  • NAT is not the issue, nor will it correct the "behavior". You have implemented multi-WAN, which is intended to Load Balance across 2 WAN links. Sounds like it is performing as designed. You don't specify what you want it to do, therefore I'll teach you to fish.

    pfSense is a "stateful" firewall, i.e. it tracks the state of the connection between your workstation and Google, for example, or any other website the workstation visits. These connections are discrete and separate, therefore the workstation can have 20, 30, or 100 different connections to multiple web sites, and pfSense tracks those connections individually as "states". There's more to it, but that should give you a basis on what's happening next.

    Gateway Groups define the general behavior of the 2 WAN interfaces. I have LoadBalance where WAN1 and WAN2 occupy the same Tier, PreferWAN1 where WAN1/Tier1 and WAN2/Tier2, PreferWAN2 where WAN1/Tier2 and WAN2/Tier1. This defines the failover behavior as well as defines the first step in policy routing.

    Each new connection (state) uses the weight defined under System/Routing/Gateways/Advanced for the Gateways in the Gateway Groups. Basically, if WAN1 is 100Mb and WAN2 is 150Mb, you might give WAN1 a weight of 2, and WAN2 a weight of 3. Connection 1 and 2 will traverse WAN1. Connection 3, 4 and 5 will traverse WAN2. 6 & 7 WAN1. 8, 9 & 10 WAN2.

    Firewall Rules: There are as many permutations of "what you want to do" as you can imagine here, so I won't get into details until I know what you want. Suffice to say, I created LoadBalance, PreferWAN1 and PreferWAN2 in the example I gave earlier. Firewall / Rules / Edit / Advanced has a section called "Gateway" where you'll find a pull-down with a few things that are self-evident, including your Gateway Group definitions.

    An example rule that I use: Banks don't like to see your traffic from multiple IP addresses, therefore HTTPS traffic should only use one Gateway. I like WAN1. Therefore in the rule created for HTTPS traffic on the LAN network, I tell it to only use PreferWAN1 as the Gateway. PreferWAN1 says use WAN1, except when WAN1 is not available. Use WAN2 if WAN1 is not available.

    Lots of permutations here. What exactly is causing problems? And did the above explanation help in sorting through the issues?
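
The gateway-group, tier and weight behaviour described in the reply above, as an added example that is not part of the original thread and is not pfSense's own code: a simplified Python model that follows the reply's description (new connections handed out in weighted runs, HTTPS pinned to PreferWAN1 with failover to WAN2). The `Router` class, the `RULES` list and matching on destination port only are hypothetical simplifications for illustration.

```python
# Simplified model of the behaviour described in the reply above; not pfSense code.
from itertools import cycle

# Gateway weights from the reply's example: WAN1 weight 2, WAN2 weight 3.
WEIGHTS = {"WAN1": 2, "WAN2": 3}

# Gateway groups from the reply: gateway -> tier (lower tier is preferred).
GROUPS = {
    "LoadBalance": {"WAN1": 1, "WAN2": 1},
    "PreferWAN1": {"WAN1": 1, "WAN2": 2},
    "PreferWAN2": {"WAN1": 2, "WAN2": 1},
}

# LAN rules, first match wins: (destination port, or None for any; gateway group).
RULES = [(443, "PreferWAN1"), (None, "LoadBalance")]


class Router:
    def __init__(self):
        self.up = {gw: True for gw in WEIGHTS}  # gateway monitoring status
        self._pools = {}  # (group, active gateways) -> repeating weighted sequence

    def active(self, group):
        """Gateways in the lowest tier that still has a gateway up."""
        tiers = GROUPS[group]
        live = [gw for gw in tiers if self.up[gw]]
        if not live:
            return ()
        best = min(tiers[gw] for gw in live)
        return tuple(sorted(gw for gw in live if tiers[gw] == best))

    def route(self, dst_port):
        """Pick the gateway (and so the public IP) for one new connection."""
        group = next(g for port, g in RULES if port in (None, dst_port))
        gws = self.active(group)
        if not gws:
            return None  # every gateway in the group is down
        pool = self._pools.setdefault(
            (group, gws), cycle([gw for gw in gws for _ in range(WEIGHTS[gw])]))
        return next(pool)


if __name__ == "__main__":
    r = Router()
    print("HTTP :", [r.route(80) for _ in range(10)])
    print("HTTPS:", [r.route(443) for _ in range(4)])
    r.up["WAN1"] = False  # constructed failure of WAN1
    print("HTTPS after WAN1 down:", r.route(443))
```
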


  • LAYER 8 Netgate

    "Sticky Connections" might help.

    System > Advanced, Miscellaneous, Load balancing, Use sticky connections

