Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    MultiWAN - Seperate LAN segments to designated WAN interface

    General pfSense Questions
    4
    10
    503
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AIC2000 last edited by

      Hi,

      Is it possible to (for example) have 2 different DHCP pools, and each pool points to a specific WAN interface?

      I am going to have a setup that has 2x WAN interfaces, and it would be beneficial to put the VOIP on one WAN interface, and the internet traffic on the seperate interface.

      Am I right in thinking that with Load Balancing the WAN port, the IP's of (for example) SIP phones could change, and therefore the connections to the VOIP server would become unstable?

      Thanks for any tips!

      1 Reply Last reply Reply Quote 0
      • A
        AIC2000 last edited by

        Is it not possible?

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          Yes, except there is no (easy) way to tell this group of MAC addresses to be assigned out of this pool that that group of MAC addresses to be assigned out of that pool.

          You can have one DHCP pool, say 192.168.1.225 - 192.168.1.254, and assign dynamic addresses out of that, then set static mappings from 192.168.1.33 - 192.168.1.62.

          You then policy route traffic sourced from 192.168.1.224/27 out one WAN and traffic from 192.168.1.32/27 out the other.

          Just an example. Complete flexibility exists in subnetting choices.

          Else put your voice devices on one subnet/vlan and everything else on another and policy route the interface networks as desired. Then they could both be dynamic pools.

          You might be able to do something with the MAC address allow/deny lists in the different pools but I have never done it. Maintaining static mappings is probably more straightforward and easier. If you are dealing with a set of phones in specific OUIs or something it might be workable.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • A
            AIC2000 last edited by

            Thank you @Derelict

            I could very easily just map static IP's on the same subnet to the phones - is there a guide or instructions on how I could route a range of IP's (192.168.1.40 - .50) to use one WAN connection?

            Thanks again

            1 Reply Last reply Reply Quote 0
            • Derelict
              Derelict LAYER 8 Netgate last edited by

              Search for Multi-WAN.

              https://doc.pfsense.org/index.php/Multi-WAN

              Instead of a gateway group you can just use the gateway for a specific interface.

              Chattanooga, Tennessee, USA
              The pfSense Book is free of charge!
              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • A
                AIC2000 last edited by

                Thanks again @Derelict

                I found that doc before I posted here, it's very structurred but very vaque in the actual configuration hence why I am a little stuck on this one!

                1 Reply Last reply Reply Quote 0
                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  If all of your VoIP phones are from the same OEM then using the MAC address controls is much easier than statics.

                  For this example, we'll say your Phone MACs all start with "aa:aa:aa".

                  First, setup your DHCP server so it has two pools

                  On the pool for the USERS, add "aa:aa:aa" to the MAC Deny list. This will ensure that your phones cannot pull an IP address from that pool, but everyone else can.
                  On the pool for the PHONES, add "aa:aa:aa" to the MAC Allow list. This allows your phones to pull an IP address from that pool and nobody else can.

                  Then you can match and policy route the pool ranges as needed.

                  If your MACs are inconsistent or you have a mix of brands then statics may be easier.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • A
                    AIC2000 last edited by

                    Wow, thanks @jimp - great suggestion!

                    I haven't purchased the phones yet but will be doing so soon.

                    Once I have both static pools (either by mac or static designation) setup, how do I say "Pool X use WAN X" and "Pool Y use WAN Y"?

                    Thanks

                    1 Reply Last reply Reply Quote 0
                    • ptt
                      ptt Rebel Alliance last edited by

                      "Policy Routing"

                      https://doc.pfsense.org/index.php/What_is_policy_routing

                      1 Reply Last reply Reply Quote 0
                      • A
                        AIC2000 last edited by

                        Is this how you do that?

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post