• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Configuring a 3rd ISP WAN Interface to another LAN Interface.

Scheduled Pinned Locked Moved Firewalling
6 Posts 2 Posters 884 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    amk
    last edited by Sep 17, 2021, 12:50 PM

    Hi,
    I need some help on configuring a 3rd ISP WAN Interface to another LAN Interface.

    Current setup I got running is Multi Wan with Failover.
    ISP A Public IP - 200.55.5.1
    ISP B Public IP - 6.96.6.11
    LAN IP - 192.168.1.1

    What I added and configured
    ISP C Public IP - 197.200.1.1
    LAN 2 IP - 10.10.10.1 DHCP
    DNS Server IP - 8.8.8.8

    I can’t seem to get the Internet working from ISP C to LAN 2, Lost at the firewall rules or something else I'm missing out on.

    Thank you.

    V 1 Reply Last reply Sep 18, 2021, 9:14 PM Reply Quote 0
    • V
      viragomann @amk
      last edited by Sep 18, 2021, 9:14 PM

      @amk
      So you want the LAN2 to get out to ISP C, correct?

      Check if pfSense has added an outbound NAT rule for LAN2 and the WAN C interfaces automatically.If not you have to add one by yourself.

      For directing out internet traffic from LAN 2 to WAN C you have to set up policy routing rules on LAN 2.
      To only affect public destinations add an alias first and add all RFC 1918 networks to it. Then modify your LAN 2 firewall rules which allow outbound traffic and check invert at destination and enter the RFC 1918 alias, expand the advanced options and select the WAN C gateway.

      Consider that the policy routing rules direct all allowed packets to the WAN C gateway, so you will need additional rules on LAN 2 for internal access. E.g. if you use pfSense for DNS resolution, you have to add a rule for TCP/UDP, destination "This firewall" port 53.

      A 1 Reply Last reply Sep 21, 2021, 1:10 PM Reply Quote 1
      • A
        amk @viragomann
        last edited by Sep 21, 2021, 1:10 PM

        @viragomann
        Thanks for helping out.

        Yes Correct LAN2 to get out to ISP C. The Outbound NAT rule was automatically created.

        Would it be possible if you could get in details how to create the alias and the Lan rules. I tried and did not work.

        Thanks.

        V 1 Reply Last reply Sep 21, 2021, 7:03 PM Reply Quote 0
        • V
          viragomann @amk
          last edited by Sep 21, 2021, 7:03 PM

          @amk
          Firewall > Aliases > IP > Add
          Enter a name, e.g. "RFC1918", select Network(s) from Type drop-down and add the concerned networks to it.

          The following screen shows the content of my RFC1918 alias and how I use it in the firewall rule.
          2af5e981-05b1-4f8a-8ba5-0714262fe4d7-image.png
          In your case you have to select the WAN C gateway additionally in advanced options.

          A 1 Reply Last reply Sep 22, 2021, 1:33 PM Reply Quote 1
          • A
            amk @viragomann
            last edited by Sep 22, 2021, 1:33 PM

            @viragomann

            Thank you so much!

            I struggled and finally thought of rebooting the box and it worked, I think that was the issue before as well I should have tried a reboot.

            V 1 Reply Last reply Sep 22, 2021, 1:47 PM Reply Quote 0
            • V
              viragomann @amk
              last edited by Sep 22, 2021, 1:47 PM

              @amk
              Glad that you get it working finally.

              1 Reply Last reply Reply Quote 0
              1 out of 6
              • First post
                1/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received