Netgate Discussion Forum

    2 WAN split phone and data traffic

      FirebornX

      The Setup:

      Maybe this is simple and I just can't see it, but is there a way to set up rules that say if I have a phone at 10.1.1.70 then I want all traffic from that source to go out over OPT1?
      The problem is, while my phone can see and communicate freely with my IP PBX, all of the actual call traffic goes out over my WAN port which makes for some terrible call quality if someone's downloading something large.
      I could do QoS on the 1st connection, but there's no need if I can direct the traffic through the 2nd.

      I've thought about setting up a VIP on the LAN interface and then setting the phone's gateway to that, but then I don't know if there's a way to forward all the traffic that's going to the VIP to OPT1.

      Thanks!

        cmb

        Why even have the DDWRT? Having that subnet between is going to cause routing complications regardless of what you have connected on both ends; I'd get rid of the DDWRT and set up dual WAN.

          FirebornX

          The reason for the DMZ type setup is to allow for remote extensions and automatic provisioning remotely without worrying too much about the security of my LAN computers.
          I can keep the pfSense firewall tight and the DD-WRT somewhat loose.

          I know it would be easier to just drop my PBX into my LAN and run dual WAN but I don't want the security risks that would bring.

          Also it gives me more flexibility for my other public servers, I can stick them in there and tell them to use my primary internet connection.

            handanril

            If you want to send SIP traffic to OPT1, do packet based routing. In the rules for LAN, send from LAN net all 5060 traffic to OPT1. Also send all the RTP traffic. I assume you are using Asterisk, so the range is either 10000–20000 or whatever you changed the rtp.conf to. I set up pfSense with dual WAN and haven't had any issues with security. The only issue that ever arose from security is users creating extensions with lame passwords... ext 101 with password 101, etc.

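The weak-credential case mentioned in the post above (extension 101 with password 101) can be checked for on the PBX itself. This is an added example, not part of the original thread; it assumes a chan_sip-style `sip.conf` with one `[extension]` section per peer and a `secret=` line, and the 12-character minimum is an assumed policy value.

```python
import re

# Constructed sample in chan_sip sip.conf layout; not taken from the thread.
SAMPLE_SIP_CONF = """\
[general]

[101]
secret=101        ; same as the extension, the case from the post
host=dynamic

[102]
secret=1234

[103]
secret=Vq7#nL2x!Rt9pWz4
"""

SECTION = re.compile(r"^\[([^\]]+)\]")
MIN_LEN = 12  # assumed policy threshold, adjust to local policy


def audit_sip_secrets(text, min_len=MIN_LEN):
    """Return {extension: [reasons]} for peers whose secret is weak."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (escaped '\;' not handled)
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip()
            continue
        if section in (None, "general") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() != "secret":
            continue
        reasons = []
        if section in value:
            reasons.append("secret contains the extension")
        if value.isdigit():
            reasons.append("digits only")
        if len(value) < min_len:
            reasons.append(f"shorter than {min_len} characters")
        if reasons:
            findings[section] = reasons
    return findings


if __name__ == "__main__":
    print(audit_sip_secrets(SAMPLE_SIP_CONF))
```
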
              FirebornX

              Forwarding the packets based on port from LAN to OPT1 would work, but I'm unsure how to do that with pfSense.

              I investigated that earlier but couldn't find anything on it (maybe wasn't using the right terms?), could you point me in the right direction?

                cmb

                @FirebornX:

                The reason for the DMZ type setup is to allow for remote extensions and automatic provisioning remotely without worrying too much about the security of my LAN computers.
                I can keep the pfSense firewall tight and the DD-WRT somewhat loose.

                I know it would be easier to just drop my PBX into my LAN and run dual WAN but I don't want the security risks that would bring.

                There's no reason to do that, add a 4th NIC and you have what you need in a single box.

                You can policy route the traffic, but only to gateways, and that likely wouldn't accomplish what you're looking to do here.

                  handanril

                  http://www.pfsense.org/mirror.php?section=tutorials/policybased_multiwan/policybased_multiwan.pdf

                    cmb

                    @handanril:

                    http://www.pfsense.org/mirror.php?section=tutorials/policybased_multiwan/policybased_multiwan.pdf

                    Don't use that, it's outdated and partially wrong. I just overwrote it with a pointer to the current documentation here:
                    http://doc.pfsense.org/index.php/MultiWanVersion1.2
                    though it'll take a bit for the mirrors to sync.

                    And that's not really thorough; the best source of info is in the book: http://pfsense.org/book

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.