I need help to understand



  • Hi,

    I have a fresh install of pfSense ( 2.4.1-RELEASE ) on a virtualbox VM to replace a dual wan RV325 Lynksys by cisco (it's to slow when we are all in office).
    I use 2 WAN and 1 LAN, interfaces (LAN - WAN1 and WAN2), gateways (GW_OPT1 and GW_WAN), gateways group (WANs // GW_OPT1+GW_WAN // Tier 1) are working.
    All is good, clients in my network use internet.

    Now in first, I want to send (for example) http connexions from internal network to WAN2, ssh connexion to WAN2 … and next, in a second time, I want to send VPN_port 1194 from WAN1 and Wan2 to a specific IP of my network.

    Then I have create firewall Aliases (Ports : http, FTP, VPN, SSH, Skype.....), but in don't know how to do in next step. Somebody can explain to me please ?

    Manu ( France sorry for my bad english :-) )


  • Galactic Empire

    https://doc.pfsense.org/index.php/What_is_policy_routing

    Check out policy based routing.

    I would have found a link with an explanation but i’m writing this on the mobile.



  • Hi NogBadTheBad,

    thank's for your reply, I don't understand, can you explain to me, how to configure, for example :

    my FW alias Skype from LAN send only to WAN2
    my FW alias VNC from WAN1 and WAN2 to a specific IP (internal network)

    Thank you very much for your help.

    Manu.


  • Galactic Empire

    @Anjou:

    Now in first, I want to send (for example) http connexions from internal network to WAN2, ssh connexion to WAN2 … and next, in a second time, I want to send VPN_port 1194 from WAN1 and Wan2 to a specific IP of my network.

    The Internal to http via WAN2 is set by policy based routing, create a firewall rule on your LAN interface, the rule I've just created would ( IIRC as I don't have 2 WAN connections ) would route traffic using port 123 via the gateway named SWITCH_1 and traffic using port 456 via the gateway SWITCH_2.

    If you look at the bottom of the firewall rule advanced section you'll see a setting for the gateway.

    Also forgot to mention the policy based routing firewall rules need to go above the default rules.

    The VPN would be done by NAT or you could install OpenVPN on your pfSense device and avoid having to NAT.

    FYI I don't have a dual WANs or run OpenVPN.



  • Galactic Empire

    If you don't have pfSense Gold which gives you access to the hangouts, it may be worth purchasing it.

    The March 2016 covers multi WAN and after watching it, i think you need to set up gateway groups pre adding firewall rules, its a bit more complex than I thought.



  • Thank’s for yours replies, I try it.


Log in to reply