Going out different WAN with NAT1:1

  • I'm trying to configure my system to work with 2 WANs from different ISPs.
    One WAN has 5 static IPs and the other one has 8 static IPs. I'm running pfSense 1.2.2 embedded on ALIX2D3 hardware,
    which has 3 NIC ports. My 1st NIC is being used as the local area network on the 192.168.1.0/24 subnet, my 2nd NIC is being used as WAN1
    and my 3rd NIC is being used as WAN2.

    Setup:

    NIC 1:
    DHCP Local computers: 192.168.1.100-200/24
    Public DNS Server:    192.168.1.16/24
    Web Server:           192.168.1.80/24
    Mail Server:          192.168.1.11/24

    NIC 2 (WAN1):
    IP: 76.x.x.2/29
    Gateway: 76.x.x.1

    NIC 3 (WAN2):
    IP: 68.x.x.2/24
    Gateway: 68.x.x.1

    Virtual IPs NIC 2 (WAN1):
    IP: 76.x.x.3/32 - 76.x.x.6/32 (Single address)
    Type: Proxy ARP

    Virtual IPs NIC 3 (WAN2):
    IP: 68.x.x.3/32 - 68.x.x.9/32 (Single address)
    Type: Proxy ARP

    Aliases:
    iServers: 192.168.1.16, 192.168.1.80, 192.168.1.11

    LAN Rules:
    Proto: *, Source: iServers, Port: *, Destination: *, Port: *, Gateway: 76.x.x.1, Schedule:, Description: Servers --> going out WAN1
    Proto: *, Source: LAN Subnet, Port: *, Destination: *, Port: *, Gateway: 68.x.x.1, Schedule:, Description: LAN subnet --> going out WAN2

    Port Forward:
    if: WAN, Proto: UDP, Ext. port range: 53 (DNS), NAT IP: 192.168.1.16, Int. port range: 53 (DNS), Description: DNS Server --> WAN1
    if: WAN, Proto: TCP, Ext. port range: 80 (HTTP), NAT IP: 192.168.1.80, Int. port range: 80 (HTTP), Description: Web Server --> WAN1
    if: WAN, Proto: TCP, Ext. port range: 443 (HTTPS), NAT IP: 192.168.1.80, Int. port range: 80 (HTTPS), Description: Web Server Secure --> WAN1
    if: WAN, Proto: TCP, Ext. port range: 25 (SMTP), NAT IP: 192.168.1.11, Int. port range: 25 (SMTP), Description: Mail Server --> WAN1

    WAN Rules:
    Proto: *, Source: RFC 1918 networks, Port: *, Destination: *, Port: *, Gateway: *, Schedule: *, Description: Block private networks
    Proto: *, Source: reserved/not assigned by IANA, Port: *, Destination: *, Port: *, Gateway: *, Schedule: *, Description: Block bogon networks

    Proto: UDP, Source: *, Port: *, Destination: 192.168.1.16, Port: 53, Gateway: *, Schedule:, Description: NAT DNS Server --> WAN 1
    Proto: TCP, Source: *, Port: *, Destination: 192.168.1.80, Port: 80, Gateway: *, Schedule:, Description: NAT Web Server --> WAN 1
    Proto: TCP, Source: *, Port: *, Destination: 192.168.1.80, Port: 443, Gateway: *, Schedule:, Description: NAT Web Server Secure --> WAN 1
    Proto: TCP, Source: *, Port: *, Destination: 192.168.1.11, Port: 25, Gateway: *, Schedule:, Description: NAT Mail Server --> WAN 1

    NAT: 1:1
    Interface: WAN, External IP: 76.x.x.3, Internal IP: 192.168.1.16, Description: Public DNS Server
    Interface: WAN, External IP: 76.x.x.4, Internal IP: 192.168.1.80, Description: Web Server
    Interface: WAN, External IP: 76.x.x.5, Internal IP: 192.168.1.11, Description: Mail Server

    Interface: WAN2, External IP: 68.x.x.3, Internal IP: 192.168.1.100, Description: Internet User 1
    Interface: WAN2, External IP: 68.x.x.4, Internal IP: 192.168.1.101, Description: Internet User 2

    Problem:

    I'm able to get all the servers to go out on WAN1, and I can see each server going out with its own public IP that I have set for it in NAT 1:1; however, I'm not able to get the computers 192.168.1.100 and 192.168.1.101 to go out on WAN2. Am I missing something?

  • @dimsion:

    Problem:

    I'm able to get all the servers to go out on WAN1, and I can see each server going out with its own public IP that I have set for it in NAT 1:1; however, I'm not able to get the computers 192.168.1.100 and 192.168.1.101 to go out on WAN2. Am I missing something?

    You seem to have the correct rule (the second LAN rule). Try replacing the source directly with 192.168.1.0/24. Set the type to Network and put in the address range directly.
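    The behaviour the two posts rely on can be checked with a small model of how firewall rules and 1:1 NAT interact: pfSense evaluates the LAN rules top-down and the first match decides the gateway (and therefore the egress WAN), and an outbound 1:1 NAT entry only translates a host when its traffic actually leaves the interface the entry is bound to. The script below is an added example written for this thread; it is not pfSense code and not anything the posters ran. It reproduces the original post's LAN rules, alias and 1:1 NAT table, plus the reply's suggested rule with a literal 192.168.1.0/24 source, and uses RFC 5737 documentation addresses as constructed stand-ins for the post's 76.x.x.x (WAN1) and 68.x.x.x (WAN2) ranges. It also assumes the default route sits on WAN1 and that a host with no 1:1 entry on its egress interface is translated to that interface's address, as ordinary outbound NAT would do.

```python
"""Toy model of first-match policy routing plus 1:1 NAT (added example,
not pfSense code). Public IPs are constructed RFC 5737 stand-ins."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WAN1_GW, WAN2_GW = "203.0.113.1", "198.51.100.1"          # stand-ins for 76.x.x.1 / 68.x.x.1
IFACE_ADDR = {"WAN": "203.0.113.2", "WAN2": "198.51.100.2"}  # stand-ins for 76.x.x.2 / 68.x.x.2
# Gateway -> interface the packet leaves on. "*" = default route, assumed to be WAN1.
GATEWAY_IFACE = {WAN1_GW: "WAN", WAN2_GW: "WAN2", "*": "WAN"}

# Aliases from the post; "LAN subnet" is pfSense's built-in network alias.
ALIASES = {
    "iServers": ["192.168.1.16", "192.168.1.80", "192.168.1.11"],
    "LAN subnet": ["192.168.1.0/24"],
}


@dataclass
class LanRule:
    source: str       # alias name, or a literal address / CIDR
    gateway: str      # gateway IP, or "*" for the default route
    description: str


@dataclass
class OneToOne:
    interface: str    # interface the 1:1 entry is bound to
    external: str
    internal: str


def source_matches(src_spec: str, ip: str) -> bool:
    """Expand an alias (or use the literal spec) and test membership."""
    entries = ALIASES.get(src_spec, [src_spec])
    addr = ip_address(ip)
    return any(addr in ip_network(e, strict=False) for e in entries)


def pick_gateway(rules, src_ip):
    """First-match, top-down: the first rule whose source matches wins."""
    for rule in rules:
        if source_matches(rule.source, src_ip):
            return rule.gateway, rule.description
    return "*", "default route (no policy rule matched)"


def egress(rules, nat_entries, src_ip):
    """Resolve egress interface and the public IP the host appears as."""
    gw, desc = pick_gateway(rules, src_ip)
    iface = GATEWAY_IFACE[gw]
    one_to_one = next((n.external for n in nat_entries
                       if n.interface == iface and n.internal == src_ip), None)
    # Assumption: without a 1:1 entry on the egress interface the host is
    # translated to that interface's own address (plain outbound NAT).
    public_ip = one_to_one if one_to_one else IFACE_ADDR[iface]
    return {"interface": iface, "gateway": gw, "rule": desc, "public_ip": public_ip}


# The original post's configuration, with stand-in public addresses.
LAN_RULES = [
    LanRule("iServers", WAN1_GW, "Servers --> going out WAN1"),
    LanRule("LAN subnet", WAN2_GW, "LAN subnet --> going out WAN2"),
]
# The reply's suggestion: same second rule, but with a literal network source.
LAN_RULES_LITERAL = [
    LanRule("iServers", WAN1_GW, "Servers --> going out WAN1"),
    LanRule("192.168.1.0/24", WAN2_GW, "LAN subnet --> going out WAN2"),
]
NAT_1TO1 = [
    OneToOne("WAN", "203.0.113.3", "192.168.1.16"),    # 76.x.x.3 Public DNS Server
    OneToOne("WAN", "203.0.113.4", "192.168.1.80"),    # 76.x.x.4 Web Server
    OneToOne("WAN", "203.0.113.5", "192.168.1.11"),    # 76.x.x.5 Mail Server
    OneToOne("WAN2", "198.51.100.3", "192.168.1.100"), # 68.x.x.3 Internet User 1
    OneToOne("WAN2", "198.51.100.4", "192.168.1.101"), # 68.x.x.4 Internet User 2
]


def rule_order_matters():
    """Swap the two LAN rules: the broad LAN-subnet rule then matches first
    and pulls the web server out WAN2, where it has no 1:1 entry."""
    swapped = list(reversed(LAN_RULES))
    return egress(swapped, NAT_1TO1, "192.168.1.80")


if __name__ == "__main__":
    for host in ("192.168.1.80", "192.168.1.100", "192.168.1.150"):
        print(host, "->", egress(LAN_RULES, NAT_1TO1, host))
    print("swapped rule order, web server ->", rule_order_matters())
```

    The interesting case is `rule_order_matters()`: with the broad LAN-subnet rule placed above the server rule, the servers would be policy-routed out WAN2 and lose their WAN1 1:1 addresses, which is why the narrower rule has to sit first. In the order the post shows, the model sends the servers out WAN1 with their 76.x.x.x addresses and 192.168.1.100/.101 out WAN2 with their 68.x.x.x addresses; the reply's literal-network rule resolves identically here, so the model cannot reproduce the poster's symptom and only shows what the rule set is meant to do.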