Netgate Discussion Forum

    Double WAN, Double Lan, Help needed please.

      gazzer82

      I am taking a second attempt at setting up a pfSense firewall on our network as I now have a new ESXi box to load an image onto, however I am having issues working out the correct IP/Subnet settings for our setup, which is as follows.

      WAN1 = PPPoA connection (BT), with ADSL modem in bridge mode and authentication being done from pfSense, this works well, and the port gets a correct IP address of 81.149.200.1** with a subnet of 255.255.255.255 and Gateway of 81.149.200.1, via DHCP.

      LAN = Static assigned IP of 192.168.0.250, subnet 255.255.255.0, No DHCP. This is an SBS 2003 Network, SBS does DHCP and sets its Gateway to 192.168.0.250.

      em0(WAN2) = Fully bridged PPPoA connection (BE Broadband) with manually assigned static ip of 93.96.174.**, Subnet of 255.255.255.0, Gateway of 93.96.174.1 (This works fine when connected directly to a PC/SBS Server)

      em1(WLAN) = Static ip of 192.168.1.250, Subnet 255.255.255.0, this runs through to a wireless access point, it also had DHCP enabled with gateway set to 192.168.1.250.

      Oh so that's the connections, now what I have done to set it up is as follows.

      Set the system DNS servers to be OpenDNS (208.76.222.222 and 208.67.220.220), disabled DNS server list override, and enabled DNS forwarding.

      In firewall rules, I have created an all pass rule for WAN2 that matches the already existing WAN1 rule, then I have added three Load Balancing rules as follows,

      Protocol:All, Source:LAN net, Port:All, Destination:WAN1, Gateway:93.96.174.1
      Protocol:All, Source:LAN net, Port:All, Destination:WAN2, Gateway:81.149.200.1
      Protocol:All, Source:LAN net, Port:All, All, Gateway:LoadBalance

      Then I have set up three Load Balancing groups, as follows.

      Name: LoadBalance, Type: Gateway/Balance, Servers/Gateways: wan/opt1, Monitor: 208.67.222.222, 208.67.222.222
      Name: Wan1FailToWAN2, Type: Gateway/Failover, Servers/Gateways: opt1, Monitor: 93.96.174.1
      Name: Wan2FailToWAN1, Type: Gateway/Failover, Servers/Gateways: wan, Monitor: 81.139.64.1

      Then I have changed the Outbound NAT to Manual, and added the following Rules.
      Interface:WAN, Source:192.168.0.0/24, Source Port:, Destination:, Destination Port:, Nat Address:, Nat Port:* , Static:NO
      Interface:Internet1, Source:192.168.0.0/24, Source Port:, Destination:, Destination Port:, Nat Address:, Nat Port:* , Static:NO

      So now, when I go and view the Load Balancer status, all of the groups show as "Online" but they are orange, not green. But I do have net access.

      If I disconnect Wan1, it shows as Red and down on Load Balancer status, but I have no internet access. If I disconnect Wan2, it shows as Red and down and I do have net access.

      From pfSense diagnostics I can ping google.com from Wan1, but from Wan2 I get 100% packet loss.

      So the big question, what the hell am I doing wrong? I find the tutorial in the Wiki quite confusing and difficult to follow as it is aimed at people using routers going into pfSense on a DMZ, whereas I am using bridging, therefore in all the descriptions about setting up the interfaces I am at a bit of a handicap as I don't have a router IP address to use. I assume for this I need to use the ISP's gateway, but not 100% sure.

      If any of that is not clear (which it probably isn't, sorry) or you need any more info, please let me know!!!!

      Thanks for reading!!

      Gareth
