Configuring MultiWAN Firewall Rules
-
Here's my setup. My pfSense box has three NIC interfaces: 1 for LAN, 1 for WAN, and 1 for OPT1 (WAN2). The two WAN connections use cable internet from the SAME ISP, and they use dynamic IP addresses with different gateways (so no problem there). Do I really need static IP addresses for my WAN connections? I have successfully created load balancer pools and firewall rules, but I am not confident in the firewall rules that were created. I'm not sure how they work. The load balancer pools are pretty simple to create. I don't want to turn on sticky connections because I want load balancing to run on uTorrent (double speed). But the drawback is that I have problems accessing some sites, especially when logging on. An example is blackcats: I would have a hard time reading the forums since it always prompts me to log in several times before it goes through. My network before used a TP-Link R480T+ load balancer router with no problems, even without a sticky connection feature, so I'm guessing that it should work the same way with pfSense. Here is a screenshot of my LAN firewall rules page: http://img79.imageshack.us/my.php?image=firewallrulesnk2.jpg
I hope you can comment on that. Can anyone please explain to me what each column in those firewall rules means? Like source, destination and gateway. I don't understand how a load balancer pool can become a gateway. Notice how I disabled the last rule because I'm experimenting on what will happen, but actually I don't know what is really happening. Although I have my internet connection running, I'm also having problems with TVersity and, like I said, with sites like blackcats. Trying my old setup (TP-Link router) eliminates this problem. I hope somebody can help me. Thanks in advance. ;D
-
BTW, I'm asking this because the setup of the networks in most guides involves DMZs, which I guess are other LAN subnets with their own WAN connection. I can't seem to decipher the pattern on how to apply it to my setup, which is only 1 LAN (switches) with two WANs (2 cable modems). :)
-
http://forum.pfsense.org/index.php/topic,7001.0.html
The balancing pools can be a gateway because traffic handled by that rule will not go over the routing table.
Traffic going to a pool will be sent according to what the pool says.
Think of it as policy routing with a "special" destination. To solve your problem of reauthenticating on certain homepages: you could create an alias with all the IPs of pages you don't want balanced and use this alias as the destination of a rule above your balancing-pool rule.
A DMZ is nothing else than an additional interface.
The LAN and the DMZ are in no way related since they would both have their own rules.
-
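To make the reply's two points concrete (a pool acting as a gateway bypasses the routing table, and an alias rule placed above the balancing rule keeps certain destinations on the normal gateway), here is an added example that models first-match rule evaluation the way a LAN rule set like the one in the thread behaves. It is not pfSense code and not the poster's rule set; the alias name `NoBalance`, the pool name `LoadBalance`, the gateway labels and the addresses are all constructed for illustration. It also shows the non-sticky versus sticky difference the original poster is hitting: without stickiness, successive connections from the same host can leave through different WANs, which is why a login session on a per-IP site keeps being re-prompted.

```python
import ipaddress

# Constructed example data (hypothetical names and addresses, not from the thread).
ALIASES = {
    # Sites that must always leave via the normal routing table.
    "NoBalance": ["203.0.113.10", "198.51.100.0/24"],
}

POOLS = {
    # A balancing pool: the rule's "gateway" field names the pool, and the
    # pool decides which WAN gateway a given connection actually uses.
    "LoadBalance": ["WAN1_GW", "WAN2_GW"],
}

# LAN rules in pfSense-like order: first match wins. "default" stands for
# "use the system routing table" (the normal default gateway).
RULES = [
    {"src": "192.168.1.0/24", "dst": "NoBalance", "gateway": "default"},
    {"src": "192.168.1.0/24", "dst": "any", "gateway": "LoadBalance"},
]


def _expand(field):
    """Turn a rule field into a list of networks, or None for 'any'."""
    if field == "any":
        return None
    entries = ALIASES.get(field, [field])
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _matches(field, ip):
    nets = _expand(field)
    if nets is None:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def resolve(src_ip, dst_ip, flow_id, sticky=False, rules=RULES):
    """Return (rule_index, gateway) for the first matching rule.

    flow_id stands in for "the Nth new connection"; in non-sticky mode each
    new connection takes the next pool member (round robin), in sticky mode
    the member is pinned to the source address so one host always leaves via
    the same WAN. (None, 'drop') models the implicit deny when nothing matches.
    """
    for idx, rule in enumerate(rules):
        if _matches(rule["src"], src_ip) and _matches(rule["dst"], dst_ip):
            gw = rule["gateway"]
            if gw in POOLS:
                members = POOLS[gw]
                key = int(ipaddress.ip_address(src_ip)) if sticky else flow_id
                return idx, members[key % len(members)]
            return idx, gw  # plain gateway: routing table / default route
    return None, "drop"


if __name__ == "__main__":
    host = "192.168.1.20"
    for flow in range(3):
        print("forum site, non-sticky:", resolve(host, "203.0.113.10", flow))
        print("other site, non-sticky:", resolve(host, "8.8.8.8", flow))
        print("other site, sticky:    ", resolve(host, "8.8.8.8", flow, sticky=True))
    # With the alias rule placed BELOW the balancing rule it is never reached:
    print("alias rule below pool rule:", resolve(host, "203.0.113.10", 1, rules=RULES[::-1]))
```

The reversed rule list at the end is the check worth running against your own screenshot: if the pool rule sits above the alias rule, the alias rule is dead and those sites are still balanced.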
Ahh, and now I'm having a problem with accessing TVersity over my network with pfSense. With the hardware router I got no problems, but with pfSense, my PS3 and other devices won't see TVersity on the main computer. Also, with my pings, when I ping the WAN1 address, I get <1ms latency, but when I ping the WAN1 gateway, WAN2 address, and WAN2 gateway, I get latencies like 20ms, which is not normal. With the hardware router, pinging those 4 addresses yields latencies <1ms for all of them.