Dual WAN, one static, one dynamic, both sending port 80 traffic to one webserver



  • As I said in the subject, I have a dual WAN setup with one static and one dynamic IP, both sending port 80 traffic to one webserver.  I am having an issue where I will only be able to access the webserver on the static IP address no matter what.  I initially had the static on WAN and the dynamic on OPT1.  That did not work.  I then reversed them, same thing.  It seems that on the dynamic IP I can never get to the webserver if the static is working.  I have tested with just the cable modem (dynamic IP) hooked straight to the webserver and it works fine.  I tried with just the dynamic active with pfSense, works fine.  Once I add the static IP (DSL) the dynamic connection stops working.  Am I setting up the firewall rules improperly?

    I will post a screen shot later in the day.

    Many Thanks
    Paul



  • If you post screenshots:
    Show pictures of your firewall rules on your "WAN (WAN1)", "OPT1 (WAN2)" and the NAT rules.

    Did you set a gateway on your OPT1?
    Also what do you have in front of the WAN1 and WAN2?



  • Currently I have almost nothing going on.  I have two NAT rules, one for VNC to a test machine behind pfSense and one to access the pfSense GUI from the internet (Yes, I know this is not safe, it will not stay this way, just testing).  There are no rules on OPT1. If I activate OPT1 (the DSL connection with a static IP) I can no longer access the GUI or connect to the test machine with VNC.  Once I deactivate OPT1 I can reestablish my connection to the GUI and the test server running VNC.

    I am thinking this is not a firewall issue but I have no idea what it is.

    As for how the network is setup:
    For OPT1: I have a DSL modem in bridge mode with a block of static IPs.  There is a switch in between the modem and the pfSense machine.
    For WAN: Just the cable modem

    If I am making some basic mistake please point me to some write up or documentation please.

    Thanks

    ![Picture 2.png](/public/imported_attachments/1/Picture 2.png)
    ![Picture 3.png](/public/imported_attachments/1/Picture 3.png)
    ![Picture 4.png](/public/imported_attachments/1/Picture 4.png)



  • I assume 192.168.1.1 is your pfSense LAN IP?
    Why do you port forward the public IP to the pfSense LAN IP?
    If you want to access the webGUI from the WAN, just access the public IP.
    You don't want to access the internal IP from outside.

    If you want to forward the same port from two WANs to the same internal server you need 2 NAT forwardings.
    One for each WAN.
    Also you need a firewall rule on both WANs allowing traffic in.

    The screenshots you posted only have a port forward for one of the WANs and only a single firewall rule as well.
    Change the destination IP of the port forward to your server and create the second forward.

    What IPs do you have on the OPT?
    The same subnet as on the WAN?
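
The two forwards and two firewall rules described in the post above, written out in raw pf.conf syntax as an added illustration (not part of the original thread, and not the ruleset pfSense generates from the GUI). Interface names and gateway addresses are placeholders; 192.168.1.199 is the web server address given later in the thread.

```pf
# Added illustration. Interface names and gateways below are placeholders.
wan_if  = "em0"            # cable modem, dynamic address (placeholder name)
wan2_if = "em1"            # DSL, static address (placeholder name)
wan_gw  = "198.51.100.1"   # placeholder upstream gateway on WAN
wan2_gw = "203.0.113.1"    # placeholder upstream gateway on WAN2
web     = "192.168.1.199"  # internal web server

# One port forward per WAN. The parentheses make pf track the interface's
# current address, which matters on the dynamic link.
rdr on $wan_if  proto tcp from any to ($wan_if)  port 80 -> $web port 80
rdr on $wan2_if proto tcp from any to ($wan2_if) port 80 -> $web port 80

# One pass rule per WAN. Filtering sees the packet after rdr, so the
# destination is the internal server, not the public address.
# reply-to sends the server's replies back out the WAN the connection
# arrived on instead of following the default route.
pass in quick on $wan_if  reply-to ($wan_if  $wan_gw)  proto tcp from any to $web port 80 flags S/SA keep state
pass in quick on $wan2_if reply-to ($wan2_if $wan2_gw) proto tcp from any to $web port 80 flags S/SA keep state
```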



  • Sorry, I realize I am being a little confusing.  I was trying to simplify the problem by bringing it to the absolute basics.  When I activate OPT1 my port forwards (VNC) in my second example stop working.  I have no idea why.

    I will refer to OPT1 as WAN2 from now on.

    Now to answer your questions.

    I assume 192.168.1.1 is your pfSense LAN-IP?
    Yes

    Why do you port forward the public IP to the pfSense LAN IP?
    B/c if I don't I cannot access the GUI from the WAN.  You said I should be able to simply use the public IP but that does not seem to work.  I tried it with both the WAN interface and the WAN2 interface.  I am not sure why this does not work if you are saying it should.

    If you want to forward the same port from two WANs to the same internal server you need 2 NAT forwardings.  One for each WAN.  Also you need a firewall rule on both WANs allowing traffic in.
    This is what I had before but it was not working so I got rid of them.  I had one NAT forwarding port 80 to 192.168.1.199 (my webserver) for WAN, one NAT forwarding to port 80 to 192.168.1.199 for WAN2 and one forwarding port 5900 to 192.168.1.199 for WAN2.

    I wanted to get this working with load balancing and failover and thought this would be a good first step.  But since I have not even been able to get this to work I have been a little discouraged.  In the new pictures I went back to how you said to do it.  I can connect through WAN2 by VNC and HTTP but cannot connect through WAN by HTTP.

    Again, thank you.

    ![Picture 1.png](/public/imported_attachments/1/Picture 1.png)
    ![Picture 2.png](/public/imported_attachments/1/Picture 2.png)
    ![Picture 3.png](/public/imported_attachments/1/Picture 3.png)



  • B/c if I don't I cannot access the GUI from the WAN.  You said I should be able to simply use the public IP but that does not seem to work.  I tried it with both the WAN interface and the WAN2 interface.  I am not sure why this does not work if you are saying it should.

    I suspect you just misconfigured your firewall rule.
    Could you show a screenshot of the rule you made to allow access from the outside?

    Something I just noticed: you say you have your DSL modem in bridge mode on OPT1.
    You can only do PPPoE authentication on the WAN.
    I would switch it around so that you have PPPoE on the WAN and the cable on the OPT.



  • WAN is a cable modem and WAN2 is the DSL modem in bridge mode (no PPPoE).
    I can very easily switch them but since I do not have PPPoE I was not originally concerned.  And if I recall correctly I did try it in this configuration with the same results as my last post.



  • Anyone have any thoughts why my WAN stops working when I activate WAN2 (OPT1)?  Very confused.



  • What version of pfSense are you using and what type of hardware do you have it installed on?



  • 1.2.1-RC2

    On a Super Micro P4SCE motherboard with a 3GHz P4 with HT
    1GB of RAM
    Two onboard NICs, Intel 82541
    One SMC 1255TX
    One Linksys LNE100TX (added this one b/c I suspected there might be something wrong with the SMC)

    Let me know if you need any more.

    Thanks
    Paul



  • This odd behavior did turn out to be a hardware issue.  I am not sure exactly but I am guessing the dual onboard NICs.  I switched to another machine and things are working much better.  Now to figure out load balancing/failover.

    Thanks

