4 WAN interfaces but within same WAN subnet
-
https://docs.netgate.com/pfsense/en/latest/book/multiwan/multi-wan-caveats-and-considerations.html
-Rico
-
I doubt ISP can separate the subnets unless it's a proper business connection.
Had a friend that used 2 x BT VDSL modems for a start-up company. I got Multi-WAN working by changing the LAN subnet on one of the modems. This way pfSense balances the traffic between the two, even though the BT WAN side used same GW IP.
For Gateway monitoring, I set each WAN to use different OpenDNS IPs.
-
The problem is that they are all on the same L2 network.
ARP request goes out on WAN1 and ARP answers come in on WAN2. From that moment on, traffic goes out WAN2. Nothing you can do because pfSense as well as the provider's modem remember which MAC address came in on which port and forward packets over said port.
Game over.
-
@Rico said in 4 WAN interfaces but within same WAN subnet:
https://docs.netgate.com/pfsense/en/latest/book/multiwan/multi-wan-caveats-and-considerations.html
Based on the KB article posted by Rico, you could try taking your modems out of bridge mode and enable NAT.
This will depend on which modems you have and connection type.
Most ISP-provided modems will do basic routing etc. You could configure each modem LAN interface for a different subnet in the RFC 1918 range.
Then create 4 Gateways on pfSense. You'll be doing double-NAT but you may achieve your goal.
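
An added example, not part of the posts above and not pfSense code: a Python check that flags WAN definitions sharing a subnet, gateway or monitor IP (the situation described earlier in the thread), and builds the per-modem RFC 1918 layout suggested in this post. It assumes one routed modem per WAN; the field names are hypothetical and all addresses are constructed from documentation and private ranges.

```python
import ipaddress
from itertools import combinations

# Constructed sample: four ports of one bridged modem, all in one public subnet
# (documentation-range addresses, not values from the thread).
BRIDGED = [
    {"name": f"WAN{i}", "addr": f"203.0.113.{10 + i}/24",
     "gateway": "203.0.113.1", "monitor": "203.0.113.1"}
    for i in range(1, 5)
]

def check_wans(wans):
    """Return (problem, iface_a, iface_b) for every conflicting WAN pair."""
    problems = []
    for a, b in combinations(wans, 2):
        net_a = ipaddress.ip_interface(a["addr"]).network
        net_b = ipaddress.ip_interface(b["addr"]).network
        if net_a.overlaps(net_b):
            problems.append(("same-subnet", a["name"], b["name"]))
        for key in ("gateway", "monitor"):
            if ipaddress.ip_address(a[key]) == ipaddress.ip_address(b[key]):
                problems.append((f"same-{key}", a["name"], b["name"]))
    return problems

def plan_modem_lans(monitors, pool="192.168.0.0/16", prefix=24, avoid=()):
    """One RFC 1918 subnet per modem LAN: modem takes .1, the firewall WAN takes .2."""
    avoid_nets = [ipaddress.ip_network(n) for n in avoid]
    # Skip any candidate subnet that collides with networks already in use.
    free = (n for n in ipaddress.ip_network(pool).subnets(new_prefix=prefix)
            if not any(n.overlaps(x) for x in avoid_nets))
    plan = []
    for i, (monitor, net) in enumerate(zip(monitors, free), start=1):
        plan.append({"name": f"WAN{i}",
                     "addr": f"{net.network_address + 2}/{prefix}",
                     "gateway": str(net.network_address + 1),
                     "monitor": monitor})
    return plan

if __name__ == "__main__":
    for problem in check_wans(BRIDGED):
        print(problem)
    # Constructed monitor targets; 192.168.1.0/24 stands in for an existing internal LAN.
    monitors = [f"198.51.100.{i}" for i in range(1, 5)]
    for wan in plan_modem_lans(monitors, avoid=["192.168.1.0/24"]):
        print(wan)
```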
-
Hmmm. What is the point to have 4 WAN lines to a single ISP Modem? Use one WAN line and disconnect the others. If you need multiple public internet IPs, contact your ISP, they will route it to your Modem, you can configure that as VIP on pfSense. Only one set of WAN rules to maintain, so this is much easier. You can split your WAN to several different LANs behind the pfSense, you may use VLANs for that. Use the firewall rules to limit access between those LANs if needed.
-
The way I understand it is that he's got 4 modems ...
But if there's only one modem there's really no point.
-
he wrote ... at home .... that will be very unusual to have 4 modems ....
-
Yeah that would be unusual... Perhaps he's on ADSL and needs the bandwidth ...
-
@pete35 said in 4 WAN interfaces but within same WAN subnet:
Hmmm. What is the point to have 4 WAN lines to a single ISP Modem?
Maybe the ISP is bonding the 4 WAN lines on the modem, but then you'd only get the single IP address not 4.
-
Thanks for all your great responses!
I guess I will be stuck with only one IP address on my modem, if I don't come up with something weird.. or double NAT or so..
@gcu_greyarea said in 4 WAN interfaces but within same WAN subnet:
The way I understand it is that he's got 4 modems ...
But if there's only one modem there's really no point.
I do have 1 modem at home with 4 ethernet ports. Since I turned off the routing function in the modem by my ISP, I get public IPs on every interface I add on the ports (and even on the built in wifi).
@pete35 said in 4 WAN interfaces but within same WAN subnet:
he wrote ... at home .... that will be very unusual to have 4 modems ....
You are correct, this is at home :)
Kind regards,
Tobias
-
Well,
what about gratuitous ARP on each interface for the IP?
Cannot be that hard to set this up.
https://en.wikipedia.org/wiki/Address_Resolution_Protocol#ARP_announcements
Cu
-
The thing I wanted to achieve is to have 3 public IPs at home for 3 different VLANs.
1 VLAN which is my internal home-network.
1 VLAN which is my server network.
1 VLAN which has my IoT devices.
And what I wanted for example, to open port 80/443 on one public IP to one server and on the next IP to another server.
One thing I have in my mind is also to tunnel the net over VLAN to my ESXI box and setup some virtual pfSense boxes there.. and they can then get a public IP directly from the ISP and then I can it inside to my network.
The server will in this case have 2 NICs, one that is towards the default gw (which is the virtual pfSense) and one that has an IP on my homenetwork.
-
https://forum.netgate.com/topic/60600/gratuitous-arp-from-virtual-ips/17