Temporarily use WAN1 for CCTV

  • We have a pfSense firewall with two WANs, load balanced as described in https://www.cyberciti.biz/faq/howto-configure-dual-wan-load-balance-failover-pfsense-router/. This works well most of the time.

    However occasionally we need external access to the CCTV recorder that sits on the LAN. Is there a way I can temporarily assign WAN1 to the CCTV recorder so we can easily use the recorder remotely, while at the same time routing all other traffic over WAN2? And then when we are finished switch back to the load balancing scenario?

  • Best option is to configure an OpenVPN remote access server. That way, you can connect securely to your LAN any time for anywhere.

    Next option would be to port-forward the CCTV to whatever WAN you want. This is bad since it gives everyone on the Internet direct access to your cameras, and those things are famous for being riddled with security bugs. This also gives your cameras access to the Internet which is often a BAD things, as some models have been caught phoning home to China doing who-knows-what.

  • What we have done is port forward and only accept connections from our office static IP, so that way nobody else can get to the CCTV recorder.

    However I think I did not explain my problem properly. We have 24 clients who use the LAN to access the internet, and most of the time they utilise all the bandwidth of both WANs, so when we need to check the CCTV there is not enough bandwidth to do that. Because of that I want to be able to temporary break the load-balancing and dedicate WAN1 to the CCTV recorder, while clients can continue to use the internet via WAN2 (be it at half the bandwidth). I was hoping I could just enable a rule that does this for me, but I have not been able to work out how to do that.

  • You should look into traffic-shaping but I'm not sure how hard it is to configure with multi-WAN.

  • I was hoping to setup a blocking rule for everyone but the CCTV recorder for WAN1, but I'll have a look at traffic shaping and see what I can do there.

    Thank you for your help.

Log in to reply