4 WAN interfaces but within same WAN subnet
-
Hi,
I have a pfSense box at home connected to my internet providers modem. WAN1, WAN2, WAN3 and WAN4 are all connected to the modem and they are set to get IP by DHCP.
They get an IP, but within the same subnet all of them. They share therefore the same gateway as their endpoint to the internet.LAN1 is only one subnet after the pfSense (will add more soon) and LAN1 is shown the IP of WAN1, so that is fine. The WAN2-4 interfaces are never used and that is as expected too.
The problem I am facing is that the pfSense doesn't seem to know how to route the traffic correct.. so sometimes traffic comes in on the wrong port (the graphs show that WAN1 basically goes dead). But there is incoming traffic on WAN2-4 during the same time, which it should not do?
Monitoring does also show the gateway as offline for WAN1 and 2-4 are never shown as green.If WAN1 is on another subnet as WAN2-4, the problem with the lag/outages don't appear..
Where should I start troubleshooting more in details? :)// Tobias
-
https://docs.netgate.com/pfsense/en/latest/book/multiwan/multi-wan-caveats-and-considerations.html
-Rico
-
I doubt ISP can separate the subnets unless it's a proper business connection.
Had a friend the used 2 x BT VDSL modems for a start-up company. I got Multi-Wan working by changing the LAN subnet on one of the modems. This way PfSense balances the traffic between the two, even though the BT WAN side used same GW IP.
For Gateway monitoring, I set each WAN to use different OpenDNS IP's.
-
The problem is that they are all on the same L2 network.
Arp request goes out on WAN1 and ARP-answers comes in on WAN2. From that moment on, traffic goes out WAN2. Nothing you can do because pfSense as well as the provider's modem remember which MAC-address came in on which port and forward packets over said port.
Game over.
-
@Rico said in 4 WAN interfaces but within same WAN subnet:
https://docs.netgate.com/pfsense/en/latest/book/multiwan/multi-wan-caveats-and-considerations.html
based on the kb article posted by Rico, you could try taking your modems out of bridge mode and enable NAT.
This will depend on which modems you have and connection type.
Most ISP provided modems will do basic routing etc.You could configure each modem LAN interface for a different subnet in the RFC 1918 Range.
Then create 4 Gateways on pfSense. You'll be doing double-NAT but you may achieve your goal.
-
Hmmm. What is the point to have 4 WAN lines to a single ISP Modem? Use one WAN line and disconnect the others. If you need multiple public internet IPs, contact your ISP, they will route it to your Modem, you can configure that as VIP on Pfsense. Only one set of WAN rules to maintain, so this is much easier. You can split your WAN to several different LANs behind the Pfsense, you may use Vlans for that. Use the firewall rules to limit access between that LANs if needed.
-
The way I understand it is that he's got 4 modems ...
But if there's only one modem there's really no point.
-
he wrote ... at home .... that will be very unusual to have 4 modems ....
-
Yeah that would be unusual... Perhaps he's on ADSL and needs the bandwidth ...
-
@pete35 said in 4 WAN interfaces but within same WAN subnet:
Hmmm. What is the point to have 4 WAN lines to a single ISP Modem?
Maybe the ISP is bonding the 4 WAN lines on the modem, but then you'd only get the single IP address not 4.
-
Thanks for all your great responses!
I guess I will be stuck with only one IP address on my modem, if I don't come up with something weird.. or double NAT or so..@gcu_greyarea said in 4 WAN interfaces but within same WAN subnet:
The way I understand it is that he's got 4 modems ...
But if there's only one modem there's really no point.I do have 1 modem at home with 4 ethernet ports. Since i turned of the routing function in the modem by my ISP, I get public IPs on every interface I add on the ports (and even on the built in wifi).
@pete35 said in 4 WAN interfaces but within same WAN subnet:
he wrote ... at home .... that will be very unusual to have 4 modems ....
You are correct, this is at home :)
Kind regards,
Tobias
-
Well,
what about gratuitous ARP on each interface for the IP?
Cannot be that hard to set this up.
https://en.wikipedia.org/wiki/Address_Resolution_Protocol#ARP_announcements
Cu
-
The thing I wanted to achieve is to have 3 public IPs at home for 3 different VLANs.
1 VLAN which is my internal home-network.
1 VLAN which is my server network.
1 VLAN which has my IoT devices.And what I wanted for example, to open port 80/443 on one public IP to one server and on the next IP to another server.
One thing I have in my mind is also to tunnel the net over VLAN to my ESXI box and setup some virtual pfSense boxes there.. and they can then get a public IP directly from the ISP and then I can it inside to my network.
The server will in this case have 2 NICs, one that is towards the default gw (which is the virtual pfSense) and one that has an IP on my homenetwork.
-
