Need help with two WANs



  • Yesterday I changed my pfSense configuration. I added a second gateway (WAN1) to connect to the Internet from LAN1. WAN2 is for LAN2 and GLAN.

    The first thing I did was I added an interface and configured it as PPPoE (both of them are PPPoE). Then in the firewall rules I configured which interface to use which gateway.
    But then I ran into a problem. As you can see on one of the screenshots Gateway WAN1's Status is "unknown" and the other values are "pending".

    Is there any way to fix this? I thought that this error comes up because both of them have the same gateway IP address. I already tried changing the Monitor IP in Gateways, but then the gateways show up as offline (I can still access the Internet). I can't change the gateway address, as it is set to dynamic.

    I don't want any failover or load balancing, if that changes anything.

    Screenshots:
    https://drive.google.com/open?id=0B5MY92jm0NVhQVV1TVZlVWJsWFk
    https://drive.google.com/open?id=0B5MY92jm0NVhNF9oY0tEbGZlNXc



  • First, on this topic: for sure you may be able to walk down the road as you need or want it.
    You may be able to configure each WAN port (WAN1 & WAN2) as a unique or single WAN interface
    and then set up the gateway on the clients in the LAN, so that some clients reach WAN1 and
    the other clients get the gateway address for reaching WAN2 to have access to the
    Internet.

    But this might kill all the abilities that pfSense offers you to get more out of both of your Internet connections.
    What if one gateway fails, and what if this is only for one day? Are you willing to change that again and again?

    Yesterday I changed my pfSense configuration. I added a second gateway (WAN1) to connect to the Internet from LAN1. WAN2 is for LAN2 and GLAN.

    What, please, is GLAN? And why are you not setting up two VLANs?
    Is there one LAN configured on each LAN port?

    The first thing I did was I added an interface and configured it as PPPoE (both of them are PPPoE). Then in the firewall rules I configured which interface to use which gateway.

    As stated above, you may be able to set up each gateway as you want or must, or in short, as you wish.
    But you also have the chance to set it up like all the others do, with more benefit on top of this too!
    You normally have three well-known load balancing methods, and they are for spreading the packets, services
    or also different IP networks over two more WAN interfaces.

    • Policy based routing
      This is what I would suggest in your and the most common situations
    • Session based routing
      This is more or less for many servers inside of a DMZ or LAN that must be connected.
    • Services based routing
      This is more or less for routing the mail service over one gateway and the http stuff over another different one
      to spread the traffic over the right matching gateway or ISP.

    So with policy based routing you are able to tell which packet should be running over which interface.
    And with one or two failover rules on top, the entire traffic runs over one WAN interface when
    the other one is failing or plainly not working due to a net split at the ISP or whatever.

    But then I ran into a problem. As you can see on one of the screenshots Gateway WAN1's Status is "unknown" and the other values are "pending".

    Would you please be so friendly and place them here inside of the forum in your thread?

    Is there any way to fix this? I thought that this error comes up because both of them have the same gateway IP address.

    Each gateway has its own IP address and no two of them have the same! Over which one should the packets be going
    out to the Internet?

    I already tried changing the Monitor IP in Gateways, but then the gateways show up as offline (I can still access the Internet). I can't change the gateway address, as it is set to dynamic.

    ??? Could it be that you are confounding the public IP address and the WAN gateway address?

    I don't want any failover or load balancing, if that changes anything.

    Would you please tell us why not?

    I would suggest the following here:

    This might bring you light into the behavior or case you are in. Please take the time, perhaps 30 minutes,
    to read it carefully and, as said, slowly; then you will have all you need to realize it.
    System -> Routing -> Gateway Groups

    • Create a first group with description name "BALANCE", and set Tier 1 for both WANs and Trigger level to "latency or packet loss" [this is for load balancing]

    • Create a second group, description name "Wan1 Fail Wan2 Use"  and priority set wan1 to Tier1 and wan2 to Tier2, set "Trigger level" to member down.

    • Create a third group, description name "Wan2 Fail Wan1 use" and priority set wan1 to Tier2 and Wan2 to Tier1, set "Trigger level" to member down.

    Firewall Rules -> LAN: you need to create three new rules

    Balance rule
    Interfaces: Lan
    Protocol: ANY
    Source: LAN SUBNET
    Destination ports: ANY
    Gateway: BALANCE

    Failover rule
    Interfaces: Lan
    Protocol: ANY
    Source Address: ANY
    Destination ports: ANY
    Gateway: Wan1 Fail Wan2 Use

    Failover rule
    Interfaces: Lan
    Protocol: ANY
    Source Address: ANY
    Destination ports: ANY
    Gateway: Wan2 Fail Wan1 use

    Make sure to place them on top of the LAN rules!
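
The gateway groups and LAN rules from the reply above, modelled as an added example (not part of the original posts and not pfSense code). It assumes the lowest tier with a live member wins, equal-tier members share traffic, and interface rules are evaluated top-down with the first match deciding; the function names and the 192.168.1.0/24 LAN subnet are hypothetical.

```python
# Added illustration: a simplified model, not pfSense source code.
# Assumptions: lowest tier with a live member wins, equal-tier members
# share traffic, and interface rules are evaluated top-down, first match.
import ipaddress

# Gateway groups from the reply: member name -> tier.
GROUPS = {
    "BALANCE": {"WAN1": 1, "WAN2": 1},
    "Wan1 Fail Wan2 Use": {"WAN1": 1, "WAN2": 2},
    "Wan2 Fail Wan1 use": {"WAN1": 2, "WAN2": 1},
}

LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # constructed sample

# LAN rules in the order listed in the reply: (source, gateway group).
# None as source means "ANY".
LAN_RULES = [
    (LAN_SUBNET, "BALANCE"),
    (None, "Wan1 Fail Wan2 Use"),
    (None, "Wan2 Fail Wan1 use"),
]

def active_members(group, up):
    """Return the live members of the best (lowest) tier, sorted by name."""
    live = {gw: tier for gw, tier in GROUPS[group].items() if up.get(gw)}
    if not live:
        return []
    best = min(live.values())
    return sorted(gw for gw, tier in live.items() if tier == best)

def route(src_ip, up, rules=LAN_RULES):
    """First matching rule decides the group; return (group, gateways)."""
    addr = ipaddress.ip_address(src_ip)
    for source, group in rules:
        if source is None or addr in source:
            return group, active_members(group, up)
    return None, []

if __name__ == "__main__":
    for state in ({"WAN1": True, "WAN2": True},
                  {"WAN1": False, "WAN2": True},
                  {"WAN1": True, "WAN2": False}):
        print(state, "->", route("192.168.1.50", state))
```

In this model every LAN-sourced packet matches the first rule, so the two failover rules are only reached by traffic whose source lies outside the LAN subnet; rule order on the LAN tab therefore decides which group actually carries the traffic.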