Netgate Discussion Forum
    Multi-WAN Confusion

    djmaxx007


      I've had a Comcast Business connection with a block of 5 statics for years now. I created virtual IPs for the statics in the block (except of course for the first usable) and then used 1-to-1 NAT for the devices that I wanted to dedicate an IP from the block to. In my case, my phone system ended in .203 and my UniFi server ended in .204. Both devices saw that their outward-facing WAN IP was what I set it to. All was good.

      Now I added a DHCP WAN fiber connection to the mix. I want the fiber connection to be used for everything EXCEPT the phone system and UniFi as those NEED to use the IP I assigned to them. I have domains pointed to those IPs with signed SSL certs and all. I'm not sure how to do this.

      So far what I've done is create a gateway group in failover mode and then set that group as the default gateway. Within the group I set the fiber as tier 1 and Comcast as tier 2. I didn't touch the 1-to-1 NAT rules at all, but now the phone system and UniFi believe that their outward-facing IP is that of the new fiber connection. How do I force these two devices to use ONLY the Comcast connection and the appropriate static IP address that I assigned to them? As soon as I choose the default gateway to be the new gateway group, even with both gateways being the same tier, every device on my network thinks its WAN IP is that of the fiber connection and it seems my Comcast connection is completely ignored. It's driving me nuts. Thanks in advance guys!

      viragomann @djmaxx007

        @djmaxx007 said in Multi-WAN Confusion:

        As soon as I choose the default gateway to be the new gateway group, even with both gateways being the same tier, every device on my network thinks its WAN IP is that of the fiber connection and it seems my Comcast connection is completely ignored.

        Not clear what you mean with that, but yeah, you've set up a gateway group with the fiber as tier 1. So the upstream traffic of your devices will go out on the fiber as long as it is online and the traffic is not policy routed to any other gateway.

        The 1:1 NAT rules only do NAT on the interface on which they are configured, but they do no routing.

        If you want to have the upstream traffic of the mentioned devices go out on the Comcast interface (the non-default), you have to configure a policy routing rule pointing to the Comcast gateway.
        To only catch the upstream traffic, add an alias to pfSense and include all RFC1918 networks. Then use this alias as destination in a pass rule allowing the respective devices to go out to the internet. In the advanced options select the Comcast gateway.

        SteveITS Rebel Alliance @djmaxx007
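The two points in the reply above, that a gateway group decides the egress interface while 1:1 NAT only rewrites addresses on the interface it is bound to, and that a per-host rule with a gateway is what pulls the phone system and UniFi back onto Comcast, can be checked against a small model of pfSense's first-match rule evaluation. The following is an added illustration, not pfSense code and not anything posted in the thread. Every address, interface name and gateway name is constructed (documentation prefixes stand in for the real static block; the thread only gives the last octets .203 and .204), and the model assumes the policy-routing rule matches destinations *not* in the RFC1918 alias, which is the usual way to catch only upstream traffic.

```python
"""Model of pfSense first-match policy routing plus 1:1 NAT (added illustration,
not pfSense code). All addresses, interface and gateway names are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

Net = ipaddress.ip_network
Addr = ipaddress.ip_address

# Alias covering the private ranges, as the reply suggests creating in pfSense.
RFC1918 = [Net("10.0.0.0/8"), Net("172.16.0.0/12"), Net("192.168.0.0/16")]

# Constructed WAN layout: 203.0.113.0/24 and 198.51.100.0/24 are documentation
# prefixes standing in for the Comcast static block and the fiber DHCP address.
WANS = {
    "WAN_COMCAST": Addr("203.0.113.201"),  # first usable of the block, on the interface
    "WAN_FIBER": Addr("198.51.100.10"),    # DHCP-assigned fiber address
}
GATEWAY_IFACE = {"COMCAST_GW": "WAN_COMCAST", "FIBER_GW": "WAN_FIBER"}


@dataclass
class Rule:
    """A LAN pass rule: source host/net, destination alias (None = any),
    whether the destination match is inverted, and an optional gateway."""
    source: ipaddress.IPv4Network
    dest_alias: Optional[list]
    invert_dest: bool
    gateway: Optional[str]


@dataclass
class Nat1to1:
    interface: str
    internal: ipaddress.IPv4Address
    external: ipaddress.IPv4Address


def failover_gateway(group, online):
    """Pick the first online member of a tiered failover gateway group."""
    for gw in group:
        if gw in online:
            return gw
    raise RuntimeError("no gateway online")


def first_match(rules, src, dst):
    """pfSense evaluates interface rules top-down; the first match wins."""
    for r in rules:
        if src not in r.source:
            continue
        if r.dest_alias is None:
            return r
        in_alias = any(dst in n for n in r.dest_alias)
        if in_alias != r.invert_dest:  # plain match, or inverted ("not alias") match
            return r
    return None


def resolve(src, dst, rules, default_group, online, nats):
    """Return (egress interface, source address the far end sees)."""
    src, dst = Addr(str(src)), Addr(str(dst))
    rule = first_match(rules, src, dst)
    if rule is None:
        return ("blocked", None)
    if rule.gateway is None and any(dst in n for n in RFC1918):
        return ("LAN", src)  # internal traffic: kernel routing table, no NAT
    gw = rule.gateway or failover_gateway(default_group, online)
    iface = GATEWAY_IFACE[gw]
    # 1:1 NAT is applied only on the interface it is bound to; it never picks the route.
    for n in nats:
        if n.interface == iface and n.internal == src:
            return (iface, n.external)
    return (iface, WANS[iface])  # automatic outbound NAT to the interface address


# Constructed LAN hosts and the poster's 1:1 mappings on the Comcast interface.
PHONE = Addr("192.168.1.203")
UNIFI = Addr("192.168.1.204")
NATS = [
    Nat1to1("WAN_COMCAST", PHONE, Addr("203.0.113.203")),
    Nat1to1("WAN_COMCAST", UNIFI, Addr("203.0.113.204")),
]
DEFAULT_GROUP = ["FIBER_GW", "COMCAST_GW"]  # tier 1, tier 2 failover group
ALL_ONLINE = {"FIBER_GW", "COMCAST_GW"}

# Before: only the stock LAN allow-all rule, no gateway set on it.
BEFORE = [Rule(Net("192.168.1.0/24"), None, False, None)]

# After: per-host rules, destination = NOT RFC1918, gateway = Comcast, then allow-all.
AFTER = [
    Rule(Net("192.168.1.203/32"), RFC1918, True, "COMCAST_GW"),
    Rule(Net("192.168.1.204/32"), RFC1918, True, "COMCAST_GW"),
    Rule(Net("192.168.1.0/24"), None, False, None),
]


def where_does(src, dst, rules, online=ALL_ONLINE):
    return resolve(src, dst, rules, DEFAULT_GROUP, online, NATS)


if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, "phone ->", where_does(PHONE, "192.0.2.50", rules))
        print(label, "laptop ->", where_does("192.168.1.50", "192.0.2.50", rules))
```

Running it shows the symptom from the first post (with only the allow-all rule, the phone's upstream traffic leaves on the fiber interface carrying the fiber address, so the Comcast 1:1 mapping never applies) and the fix (with the per-host rule, the same flow leaves on Comcast and is seen as .203, while the phone's traffic to another LAN host is untouched and the rest of the LAN still follows the failover group).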

          @djmaxx007 See policy routing
