Multi wan and multi lan config
I have been using pfsense for 3 months with the following setup:
3 Wans & 1 LAN
currently all traffic for a specific server/IP goes through WAN1 and all other traffic (surfing, emails, etc) goes through WAN2.
when WAN1 goes down, we change all the workstation's IP address(from 192.68.10.xx to 192.168.100.xx) and then all traffic will be as follows, traffic to specific server/IP address now goes through WAN2 and all other traffic (surfing, emails, etc) goes through WAN3. (this is not automatic fail over)
we are now thinking of adding another NIC so that we will have LAN 2 where our servers will be located. the new setup will be like this:
WAN 1 –-
WAN 2 --- |--- pfsense --- LAN 1 = workstations
WAN 3 ---/ __ LAN 2 = workstations and servers
LAN 1 should be able to access LAN 2 and vice versa
traffic to a specific IP address/server goes through WAN1 else all other traffic through WAN2,
automatic failover: WAN1 to WAN2 and WAN2 to WAN3
LAN 2, web/ftp servers should be accessible from the internet via WAN2 or WAN3 when WAN2 is down.
(WAN2 and WAN3 all have static public IPs)
can anyone help me with this? I dont know how to setup fail over and accessing LAN1 from LAN2 and vice versa.
really appreciate it.
I do not have a direct answer for your situation however I have a suggestion to help you find your answer.
When I was putting my network together I couldn't find the best way to put everything together. Instead of creating down time I tested everything out on a VM. I was able to get exactly what I wanted by just messing around with the config and network setup.
I know its not an answer but it's what helped me.
i tried the instructions from http://doc.pfsense.org/index.php/Special:Search?search=loadbalance&go=Go
i have another pfsense box and have been trying out the configs on this one but when i turned of the modem for my internet connections the fail over doesnt kick in.
While I try to find a more suitable answer for you take a look at http://doc.pfsense.org/index.php/MultiWanVersion1.2#Setting_up_the_pools
The example shows you how to setup fail over and load balancing. You can apply the same thing in your case but with 3 WANs.
With this example you should be able to setup fail over (WAN1 to WAN2 | WAN2 to WAN3 | WAN 3 to WAN1)
Setup an outbound rule that forces your server to use WAN1's Gateway. This should get you started.
ok, i will try it. let you know what happens.
got the failover working now…. still have to do the LAN1 <> LAN2 access as well as having LAN2 servers be access over the internet using NAT / public IPs.
Okay to get different trusted networks to be able to talk (Your LAN1 and LAN2) we have to make a firewall exception. Attached below are my firewall rules to get my LAN1 and LAN2 to be able to 'talk'. Let me know if this helps.
As you can see my first rule on each network is to allow all traffic to the other network.
i think i got it, you just made the other lan internet traffic go to your other wan,
I got the LAN2 and LAN1 to access its other.
I am just wondering why when I am on LAN2 subnet I cannot ping the LAN2 interface (192.168.1.1) but can ping the LAN1 interface (192.168.2.1)?
Hmm. By any chance is ICMP Protocol not included in your firewall exception?
no, my rules are any ports
LAN1 IP = 192.168.1.1
LAN2 IP = 192.168.2.1
when I am on LAN1 i cannot ping 192.168.2.1 (LAN2 IP) and even when I on LAN2, I cannot ping 192.168.2.1
but on either LAN1 or LAN2 I can ping 192.168.1.1 (LAN1 IP)
Can you ping LAN2 hosts from LAN1 or is it just the LAN2 Gateway that does not respond?
LAN1 (any host) to LAN2 pfsense interface and hosts - ping ok
LAN2 (any host) cannot ping pfsense LAN2 interface but can ping LAN hosts.
Only when I am in LAN2 that I cannot ping the LAN2 gateway (pfsense interface LAN2 IP)
any other hosts can ping both LAN1 and LAN2 pfsense interface