Dual WAN + Dual LAN



  • I'm having a heck of a time getting the config right for my dual WAN/LAN setup.

    Basically I have some services I host on my home cable connection, and I've put them all in Virtual Machines which live on LAN2, while LAN1 handles all of my normal physical devices.

    WAN1 and WAN2 are both off the same cable modem, each with their own physical NIC.

    With my current rules setup, Almost everything works, except I can't access VMs NATed behind WAN2 from LAN1. All I get when I attempt to do so is the pfsense login dialog.

    Now, If I disable Automatic Outbound NAT, and add an item for LAN2 to NAT through WAN2, I can now access hosts behind WAN2 from LAN1 just fine, but now instead the VMs behind WAN2 can't send to the internet, all outbound traffic stops dead. Traffic inward still goes through just fine.



  • I'm kinda stuck here. How can I setup pfsense to do what I want?

    Basically I need:

    • each LAN to route out its own WAN interface
    • allow access to the LAN2 addresses from LAN1 (ie: ssh -l user 10.0.1.x from 192.168.1.x)
    • allow LAN1 to access WAN2 address, and be NATed properly (so I see the web servers behind the firewall, and not just pfsense's web page)

    And one thing I would very much want:

    I've been told I might be able to edit the dhcpd.conf to set that up, but doesn't pfsense re-write that every time it re initializes the interfaces?
    I do have some programming experience, I wouldn't mind making a patch to support this, but I have no idea where to begin.
    My first idea was just to take the DHCP dynamic dns host option from the interface's DHCP page and tell dhcpd to use that for a given LAN's domain.

    Right now its a bit annoying, everything seems to work ok, except I can not access the services behind my WAN2 ip from WAN1. All I get is the pfsense interface/auth dialog.

    I've just tried the latest 1.3 snapshot, it doesn't seem to have helped. I must be configuring something wrong, but I can't imagine what. I've tried all sorts of settings, and most of them just make things worse (ie: LAN2 routing out WAN1, or causing LAN2 to not connect out to the internet at all).

    I'd really appreciate some help :)



  • Do you get 2 ips for the single cable modem?

    must go to ver 2 (not final so DO NOT use in a production network where down time is unacceptable), 1.2/3 releases  do not support multi-wan directly/natively.

    heres a post where i did dual wan/lan with 1.2
    http://forum.pfsense.org/index.php/topic,17032.msg88727.html#msg88727

    if your trying to access a webserver on another interface, change pf to listen on a different port and forward port 80 to the server's ip that you want to access.



  • Yes, I get two IPs from a single cable modem.

    How stable is v2? Does it randomly crash and change the rules?

    if your trying to access a webserver on another interface, change pf to listen on a different port and forward port 80 to the server's ip that you want to access.

    The port is already forwarded on my second WAN interface, do you mean I should forward it on the second LAN interface as well? I don't think that would work very well.

    My ultimate goal was to get all traffic from LAN that's trying to access my second wan connection, to route out over WAN, and back into the second wan connection. It seems like there's no way to tell pfsense to do that, and I don't know why.



  • i think v2 is still in alpha
    use static routes to force the route to the wan2 inf. are your ips static or dhcp?



  • Both are dynamic, but rarely change so a static route might work.

    Though I'm not sure anymore that it was a problem in the pfSense setup.


Log in to reply