
    Going out different WAN with NAT1:1

      dimsion

      I'm trying to configure my system to work with 2 WANs from different ISPs.
      One WAN has 5 static IPs and the other one has 8 static IPs. I'm running pfSense 1.2.2 embedded on ALIX2D3 hardware,
      which has 3 NIC ports. My 1st NIC is being used as a local area network on the 192.168.1.0/24 subnet, my 2nd NIC is being used as WAN1,
      and my 3rd NIC is being used as WAN2.

      Setup:

      NIC 1:
      DHCP Local computers: 192.168.1.100-200/24
      Public DNS Server: 192.168.1.16/24
      Web Server: 192.168.1.80/24
      Mail Server: 192.168.1.11/24

      NIC 2 (WAN1):
      IP: 76.x.x.2/29
      Gateway: 76.x.x.1

      NIC 3 (WAN2):
      IP: 68.x.x.2/24
      Gateway: 68.x.x.1

      Virtual IPs NIC 2 (WAN1):
      IP: 76.x.x.3/32 - 76.x.x.6/32 (Single address)
      Type: Proxy ARP

      Virtual IPs NIC 3 (WAN2):
      IP: 68.x.x.3/32 - 68.x.x.9/32 (Single address)
      Type: Proxy ARP

      Aliases:
      iServers: 192.168.1.16, 192.168.1.80, 192.168.1.11

      LAN Rules:
      Proto: *, Source: iServers, Port: *, Destination: *, Port: *, Gateway: 76.x.x.1, Schedule:, Description: Servers --> going out WAN1
      Proto: *, Source: LAN Subnet, Port: *, Destination: *, Port: *, Gateway: 68.x.x.1, Schedule:, Description: LAN subnet --> going out WAN2

      Port Forward:
      if: WAN, Proto: UDP, Ext. port range: 53 (DNS), NAT IP: 192.168.1.16, Int. port range: 53 (DNS), Description: DNS Server --> WAN1
      if: WAN, Proto: TCP, Ext. port range: 80 (HTTP), NAT IP: 192.168.1.80, Int. port range: 80 (HTTP), Description: Web Server --> WAN1
      if: WAN, Proto: TCP, Ext. port range: 443 (HTTPS), NAT IP: 192.168.1.80, Int. port range: 80 (HTTPS), Description: Web Server Secure --> WAN1
      if: WAN, Proto: TCP, Ext. port range: 25 (SMTP), NAT IP: 192.168.1.11, Int. port range: 25 (SMTP), Description: Mail Server --> WAN1

      WAN Rules:
      Proto: *, Source: RFC 1918 networks, Port: *, Destination: *, Port: *, Gateway: *, Schedule: *, Description: Block private networks
      Proto: *, Source: reserved/not assigned by IANA, Port: *, Destination: *, Port: *, Gateway: *, Schedule: *, Description: Block bogon networks

      Proto: UDP, Source: *, Port: *, Destination: 192.168.1.16, Port: 53, Gateway: *, Schedule:, Description: NAT DNS Server --> WAN 1
      Proto: TCP, Source: *, Port: *, Destination: 192.168.1.80, Port: 80, Gateway: *, Schedule:, Description: NAT Web Server --> WAN 1
      Proto: TCP, Source: *, Port: *, Destination: 192.168.1.80, Port: 443, Gateway: *, Schedule:, Description: NAT Web Server Secure --> WAN 1
      Proto: TCP, Source: *, Port: *, Destination: 192.168.1.11, Port: 25, Gateway: *, Schedule:, Description: NAT Mail Server --> WAN 1

      NAT: 1:1
      Interface: WAN, External IP: 76.x.x.3, Internal IP: 192.168.1.16, Description: Public DNS Server
      Interface: WAN, External IP: 76.x.x.4, Internal IP: 192.168.1.80, Description: Web Server
      Interface: WAN, External IP: 76.x.x.5, Internal IP: 192.168.1.11, Description: Mail Server

      Interface: WAN2, External IP: 68.x.x.3, Internal IP: 192.168.1.100, Description: Internet User 1
      Interface: WAN2, External IP: 68.x.x.4, Internal IP: 192.168.1.101, Description: Internet User 2

      Problem:

      I'm able to get all the servers to go out on WAN1, and I can see that each server is going out with its own public IP that I have set for it in NAT1:1. However, I'm not able to get the computers 192.168.1.100 and 192.168.1.101 to go out on WAN2. Am I missing something?

        gerdesj

        @dimsion:

        Problem:

        I'm able to get all the servers to go out on WAN1, and I can see that each server is going out with its own public IP that I have set for it in NAT1:1. However, I'm not able to get the computers 192.168.1.100 and 192.168.1.101 to go out on WAN2. Am I missing something?

        You seem to have the correct rule (the second LAN Rule).  Try replacing the source directly as 192.168.1.0/24.  Set the type to Network and put in the address range directly.
