    Dual WAN - Port Forwarding - Policy Routing for Internet

    • B
      Bambos last edited by

      Hello everyone and happy new year,

      I'm new to networking and pfSense, and I'm trying to implement the following schematic with 3 different kinds of devices on LAN:

      A. Device like 192.168.1.10 - able to reply to port forward service 2404 on both WANs - reply to the WAN that it took the request from. Default Internet WAN1.
      B. Device like 192.168.1.20 - able to reply to port forward service 182 on both WANs - reply to the WAN that it took the request from. Default Internet WAN2.
      C. Simple LAN devices, default Internet WAN2.

      To keep it simple, I think it is better to follow a schematic like this, having both WANs and the LAN on one firewall and a single gateway on LAN.
      [Image: PV_Plant2.png]
      Can anyone give me some tips on how I can set the different priorities to achieve something like that?

      For example, in System -> Routing there is a default gateway option or automatic. If I set a default gateway there, what does this mean? Is it priority one and always respected?
      Then if I add a firewall rule to LAN, so a device has to reply using WAN1, does this mean that port forwarding will not be respected if requested from WAN2?
      In the NAT Port Forward section, there is Advanced -> and then Gateway selection. Is this only for the port forward, overriding the default gateway?
      Also what about static routing and outbound...? So many settings; I don't know what is prioritized for each interface even though I read the documentation for these topics.

      Any help and guideline will be much appreciated. Thank you.

      • V
        viragomann @Bambos last edited by

        @bambos
        Please read the Gateway Settings, Gateway Groups and Multiple WAN part of the doc at first:
        https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
        https://docs.netgate.com/pfsense/en/latest/routing/gateway-groups.html
        https://docs.netgate.com/pfsense/en/latest/multiwan/index.html

        Come back after if you have further questions.

        • B
          Bambos @viragomann last edited by

          @viragomann Hello Sir, and thanks for the links.
          I have already run through them several times in the last 5 days.

          I'm aware of gateway configuration.
          I'm aware of the gateway groups for failover and balancing, but my case is none of them.

          This scenario is simultaneous dual WAN port forwarding from both WANs.
          Some devices have to use gateway 1, some devices have to use gateway 2.

          To my understanding, port forwarding should work without any settings, as long as reply-to functionality is enabled by default. (under system->advanced->Firewall & NAT)

          Is there any way to handle devices on LAN, using gateway on WAN1, and other devices on LAN using gateway on WAN2 ? (For normal traffic / not port forwarding).

          Thanks for any suggestions.

          • V
            viragomann @Bambos last edited by

            @bambos said in Dual WAN - Port Forwarding - Policy Routing for Internet:

            To my understanding, port forwarding should work without any settings, as long as reply-to functionality is enabled by default. (under system->advanced->Firewall & NAT)

            That's correct. That feature makes sure that responses are sent out on the same interface where the request came in before, no matter whether it's the default gateway or not.

            @bambos said in Dual WAN - Port Forwarding - Policy Routing for Internet:

            Is there any way to handle devices on LAN, using gateway on WAN1, and other devices on LAN using gateway on WAN2 ? (For normal traffic / not port forwarding).

            This can be done by policy routing rules: https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

            Group the IPs which you want to go out on the same interface in an alias and use this one in a pass rule as source. Expand the advanced options in the rule, go down and find the gateway drop-down. Select the proper gateway.
            It's good advice to have an alias with all RFC1918 networks defined. So you can add this at the destination together with "invert" checked. This prevents this rule from matching local destinations.
            Now you can put this rule at the top of the rule set to ensure it is applied before rules which have any.

            If you want to use both gateways but use one as default, create a gateway group. You can create multiple gateway groups including the same gateway, e.g. one with WAN1 as tier 1 and WAN2 as tier 2, and a second group the other way around.

            @bambos said in Dual WAN - Port Forwarding - Policy Routing for Internet:

            If i set there default gateway, what does this mean ?

            The default gateway is used if no gateway or gateway group is stated, either in a policy routing rule or in a static route.

            Ensure that you have outbound NAT rules in place for both WANs.
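
The rule ordering described in the answer above, as an added example that is not part of the original thread: a simplified Python model of first-match gateway selection on the LAN interface, not pfSense's own code. The gateway names `WAN1_GW` and `WAN2_GW`, the alias contents and the sample destinations are assumptions constructed for illustration.

```python
import ipaddress

# Alias with all RFC 1918 networks, used inverted as the rule destination.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed alias: LAN hosts that should leave via WAN1 (device A in the thread).
WAN1_HOSTS = {ipaddress.ip_address("192.168.1.10")}

DEFAULT_GATEWAY = "WAN2_GW"  # hypothetical name; used when no rule sets a gateway


def in_rfc1918(addr):
    """True if addr falls inside any network of the RFC1918 alias."""
    return any(addr in net for net in RFC1918)


# LAN rules, evaluated top to bottom; the first match wins.
# Each rule: (description, source test, destination test, gateway or None).
LAN_RULES = [
    ("policy route WAN1 hosts",
     lambda src: src in WAN1_HOSTS,
     lambda dst: not in_rfc1918(dst),   # destination RFC1918 with "invert" checked
     "WAN1_GW"),
    ("default allow LAN to any",
     lambda src: True,
     lambda dst: True,
     None),                             # no gateway set on this rule
]


def select_gateway(src, dst, rules=LAN_RULES):
    """Return (matched rule, egress) for a new connection from a LAN host."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_ok, dst_ok, gateway in rules:
        if src_ok(src) and dst_ok(dst):
            if gateway is not None:
                return name, gateway
            # Simplification: without a gateway on the rule, local destinations
            # follow the routing table and the rest use the default gateway.
            return name, "routing table" if in_rfc1918(dst) else DEFAULT_GATEWAY
    return None, "blocked"  # no pass rule matched
```

Passing the rules in reverse order shows why the policy rule has to sit above the "any" rule: the WAN1 host then matches the general rule first and leaves via the default gateway.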
