Two WAN connections and 3 VLAN
-
Hi!
I haven't used pfsense in about three years and need to replace a Meraki system.
Here's what I'm hoping to do:
-
I have 8 gigabit Ethernet ports and pfsense sees all of them (so I'm good there).
-
I have (2) public internet connections. Both are fiber. One of them is 1 GB/1 GB and the other is 100/100. The 1GB connection is only a dynamic IP and doesn't have a static. The 100/100 has about 5 static IPs.
-
I need to make the 1GB connection primary for everything with the 100/100 on failover (or for things that need static IPs to use with port forwarding). There are SOME instances where I need to port forward with the dynamic IP on the 1GB connection. Is this possible as well, at the same time as I'm doing port forwarding for the IPs on the 100/100?
-
On the LAN side I need (3) Ethernet ports to act as separate DHCP servers. I'm plugging each port into a switch for different functions. This is mostly for organizational purposes, but also to separate some traffic. One of the networks shouldn't see any of the others (it's a tenant that rents office space from me, so I only want them on their own network). I also need to limit them to maybe 100/100 so they don't eat all my bandwidth. The other two networks would need to see each other and ping each other.
-
In the end, I'd like to keep my Meraki access point (which I have at my house) and instruct it to connect to the office via VPN for file server access. I'm assuming the Meraki can connect to pfsense.
If anyone is interested in assisting me with tackling this.....please reach out to me. Otherwise, some guidance is greatly appreciated as I haven't used pfsense in a long time.
Thanks!
Ryan
954 - 826 - 6011 -
-
@broadcastbeat said in Two WAN connections and 3 VLAN:
Hi!
I haven't used pfsense in about three years and need to replace a Meraki system.
Here's what I'm hoping to do:
-
I have 8 gigabit Ethernet ports and pfsense sees all of them (so I'm good there).
-
I have (2) public internet connections. Both are fiber. One of them is 1 GB/1 GB and the other is 100/100. The 1GB connection is only a dynamic IP and doesn't have a static. The 100/100 has about 5 static IPs.
-
I need to make the 1GB connection primary for everything with the 100/100 on failover (or for things that need static IPs to use with port forwarding). There are SOME instances where I need to port forward with the dynamic IP on the 1GB connection. Is this possible as well, at the same time as I'm doing port forwarding for the IPs on the 100/100?
You need to distinguish between outbound and inbound connections.
For outbound connections you make a Multi-WAN failover group with the gig connection Tier 1 and the 100/100 connection Tier 2 and policy route outbound traffic to the gateway group.
Inbound connections are determined by what address outside connections come in on. This is generally determined by DNS. pfSense does not care what WAN a connection comes in on. If there is a port forward and rule on that address/WAN it will be forwarded.
On the LAN side I need (3) Ethernet ports to act as separate DHCP servers. I'm plugging each port into a switch for different functions. This is mostly for organizational purposes, but also to separate some traffic. One of the networks shouldn't see any of the others (it's a tenant that rents office space from me, so I only want them on their own network). I also need to limit them to maybe 100/100 so they don't eat all my bandwidth. The other two networks would need to see each other and ping each other.
Proper firewall rules and limiters/shaping can accomplish that.
In the end, I'd like to keep my Meraki access point (which I have at my house) and instruct it to connect to the office via VPN for file server access. I'm assuming the Meraki can connect to pfsense.
pfSense does not care what access point you use. Just like it doesn't care which switch you use. That's all layer 2.
If anyone is interested in assisting me with tackling this.....please reach out to me. Otherwise, some guidance is greatly appreciated as I haven't used pfsense in a long time.
Thanks!
Ryan
954 - 826 - 6011 -
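Added example, not part of Derelict's reply and not copied from any pfSense release: a hand-written pf ruleset in the shape of the /tmp/rules.debug file pfSense generates from the GUI, showing what the advice above (Tier 1/Tier 2 gateway group with policy routing, port forwards on both the static and the dynamic WAN, tenant isolation, a 100/100 limiter) turns into. Interface names (igb0 to igb4), the RFC 5737 documentation addresses, the 10.10.x.0/24 subnets and the forwarded hosts are all assumptions. You would build this in the pfSense GUI (System > Routing > Gateway Groups, Firewall > NAT > Port Forward, Firewall > Rules, Firewall > Traffic Shaper > Limiters) rather than paste it anywhere.

```pf
# Illustrative pf ruleset in the shape of pfSense's generated /tmp/rules.debug.
# Hand-written for this thread, not taken from pfSense. Interface names,
# addresses (RFC 5737 documentation ranges) and subnets are assumptions.

# --- Interfaces -----------------------------------------------------------
WAN1   = "{ igb0 }"   # 1G fiber, dynamic address
WAN2   = "{ igb1 }"   # 100/100 fiber, static block 198.51.100.8/29, gateway .9
OFFICE = "{ igb2 }"   # 10.10.10.0/24  office network 1
SERVER = "{ igb3 }"   # 10.10.20.0/24  office network 2 (file server lives here)
TENANT = "{ igb4 }"   # 10.10.30.0/24  tenant, must not see the other two

# Everything that is "ours" behind the firewall; the tenant may not reach it.
table <internal_nets> { 10.10.10.0/24, 10.10.20.0/24 }

# --- Gateway group: Tier 1 = WAN1, Tier 2 = WAN2 --------------------------
# pf itself has no tiers. pfSense's gateway monitor (dpinger) reloads the
# ruleset when a gateway goes down and rewrites this macro so only the best
# live tier is present, e.g. " route-to { ( igb1 198.51.100.9 ) } ".
GWFailover = " route-to { ( igb0 203.0.113.1 ) } "

# --- Limiters (dummynet) for the tenant, 100 Mbit/s each direction --------
# pfSense creates the pipes with dnctl when the ruleset loads:
#   dnctl pipe 1 config bw 100Mbit/s   # tenant download
#   dnctl pipe 2 config bw 100Mbit/s   # tenant upload

# --- Port forwards (rdr) --------------------------------------------------
# Static address on WAN2: forward 443 to a host on the SERVER network.
rdr on igb1 proto tcp from any to 198.51.100.10 port 443 -> 10.10.20.5
# Dynamic address on WAN1: "(igb0)" is pf syntax for "whatever address the
# interface currently has", so the forward follows the DHCP lease. Outside
# clients still need a name that tracks it (Services > Dynamic DNS).
rdr on igb0 proto tcp from any to (igb0) port 3389 -> 10.10.10.20

# --- Inbound pass rules for the forwards ----------------------------------
# reply-to pins return traffic to the WAN the connection arrived on, so the
# WAN2 forward keeps working while the default route points out WAN1.
pass in quick on $WAN2 reply-to ( igb1 198.51.100.9 ) inet proto tcp from any to 10.10.20.5 port 443 keep state label "WAN2 https forward"
pass in quick on $WAN1 reply-to ( igb0 203.0.113.1 ) inet proto tcp from any to 10.10.10.20 port 3389 keep state label "WAN1 rdp forward"

# --- OFFICE and SERVER: see each other, Internet via the group ------------
# Order matters: the plain "to <internal_nets>" pass rules must come before
# the policy-routed rule, or route-to would push office-to-office traffic
# out the WAN instead of across the firewall.
pass in quick on $OFFICE inet from 10.10.10.0/24 to <internal_nets> keep state
pass in quick on $OFFICE $GWFailover inet from 10.10.10.0/24 to any keep state
pass in quick on $SERVER inet from 10.10.20.0/24 to <internal_nets> keep state
pass in quick on $SERVER $GWFailover inet from 10.10.20.0/24 to any keep state

# --- TENANT: DNS to the firewall, nothing else internal, then Internet ----
# (pfSense inserts its own DHCP pass rules when the DHCP server is enabled.)
pass in quick on $TENANT inet proto { tcp udp } from 10.10.30.0/24 to (igb4) port 53 keep state label "tenant dns to firewall"
block in quick on $TENANT inet from 10.10.30.0/24 to <internal_nets> label "tenant isolation"
# "self" is every address on the firewall, including the WAN and other LAN
# interface addresses, so the tenant cannot reach the webGUI by any path.
block in quick on $TENANT inet from 10.10.30.0/24 to self label "tenant: no other access to the firewall"
pass in quick on $TENANT $GWFailover inet from 10.10.30.0/24 to any keep state dnpipe ( 1 , 2 ) label "tenant internet, 100/100 limited"
```

Two things in this layout are easy to get wrong in the GUI and show up as "it works on the 1G line but not the other". First, a port forward on WAN2 needs its associated firewall rule to carry reply-to for the WAN2 gateway (pfSense does this automatically for rules on a WAN that has a gateway defined), otherwise replies leave via the default WAN1 route and the connection never completes. Second, any LAN rule that selects the gateway group must sit below rules that pass traffic to internal networks and to the firewall itself with no gateway set, since route-to applies to everything the rule matches, including the tenant's DNS queries and the office networks' traffic to each other.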
-
@Derelict said in Two WAN connections and 3 VLAN:
gateway group.
Okay, thanks! One additional note. I did the "first time" startup after the initial install and in what appeared to be BSD, it had me go through the exercise of finding the WAN and LAN interfaces. I successfully identified the WAN and LAN. I even saw the IP (on the LAN side showing 192.168.1.1), but oddly enough, the computer plugged into the LAN side wasn't getting a DHCP address. Is it off by default? I can't imagine. I even tried to manually set the IP on the client machine and still couldn't access 192.168.1.1, which I assume is the web interface at port 80. Any ideas? Once I can get to the interface I can try to do what you mentioned.
Much appreciated - Thanks! :)
Ryan
-
No. DHCP on LAN is enabled by default and all traffic from LAN clients is passed by default. Hard to say what you might have done wrong with the information available.