This is a big one I hope it works
Greetings, I am new to the forum and to pfSense.
I was referred here from another board. I am a networking professional (Cisco, etc.) and I have worked on RH, Knoppix, Ubuntu systems in the past, but I am by no means a Linux or Unix guru; I am more of a Cisco IOS type.
I am also heavily into wifi since 02 and understand RF and 802.11 mac pretty well.
What I am trying to accomplish is the following and this distro may be the solution but I wanted to check before I commit the time.
I have my own consulting practice. I used to work out of my home office and use my local cable broadband connection for internet access.
I moved into a small office and for the time being I don’t want to pay for another cable line for internet access. However, my local cable provider provides wifi service in the same area for existing customers. I figured I would just use that service until I am settled in. I currently, with an old laptop, just use MS ICS to turn it into a simple wifi router with an Ethernet connection into my lab. For me to access the public cable wifi I need to log in once via a web page and register the laptop.
Now what I would like to do is add a second wifi nic, which I have done before, one to sniff and another to generate wifi traffic but this time I would like to connect to the public cable wifi on two different channels and just load balance between them to increase my available bandwidth and throughput. I have all the hardware, external antennas etc. and can get a different channel for each nic. However, I needed the software to do the load balancing.
From reviewing the site it looks like pfSense can do the job. The only concern is this. Under the Redundancy section in the Features page it states
“Only works with static public IPs, does not work with DHCP, PPPoE, PPTP, or BigPond type WANs (will be resolved in a future release)”
The cable provider issues the wifi IP via dhcp. So am I out of luck?
Also, has anyone done something similar here using pfSense?
I already pay for the cable wifi accounts so I figured I would just aggregate them at this office until I feel I need to add another high speed line.
The software looks really good from the list of features and as an old “ipchains” guy I am excited if it fits the bill here.
Oh, is there a USB stick setup too?
Any help or direction is greatly appreciated.
I think the 2.0 beta can do load balancing regardless of the method of connecting, though I don't know whether what you read is current or out-of-date, so it may or may not apply to the current release. However, there is one reason I can think of that it might not work. I am unsure whether it is currently possible to use two separate WAN connections that both have their IP address on the same subnet.
Efonne is correct, you can't use two WANs that have the same gateway. You could put a small NAT device in that actually connects to the wireless and does NAT, and then you could use a connection to that device for another WAN on the pfSense box.
Thanks fellas, I did think of the GW address also, but not sure if the SW could peer, round robin, bond or keep them completely autonomous. Also, I may end up with two different GW addresses since I am connecting to two different cells (channels) at different points. If the cable wifi guys provide two different GW addresses I would have liked to just either round robin load balance or per destination type load balance.
Even if the GW addresses are the same coming in for each nic, is there a way to bond or load balance between the interface indexes or create the static routes inside the box to point to the nic and not the next hop address (cable df route address from dhcp)? Also, in case the cable addresses change I don't have to change much if anything on my end.
This way I would like to have a pfsense box with 3 nics. For example, one Ethernet nic to connect to my office and lab with an internal address space of 10.1.1.0 which I can provide to my office devices via dhcp and provide a default route which would be the pfsense box of 10.1.1.1 and the dns address from the cable/wifi for example. NAT is assumed also if applicable.
Then in the pfsense box have wifi nic #1 126.96.36.199 that received df gw address 188.8.131.52
And nic #2 184.108.40.206 that also received a df gw address of 220.127.116.11
Could I then add a static route or floating static type of route in the box for my default outward paths?
Route 0.0.0.0 wifi nic 1
Route 0.0.0.0 wifi nic 2
Route 10.0.0.0 Ethernet nic - back to office/lab or nat process/device(if applicable)
And the pfsense software either load balances automatically between the wifi nics or do I have to add a weight/metric at the end of one of the static route commands to invoke such distribution?
Route 0.0.0.0 wifi nic 1
Route 0.0.0.0 wifi nic 2 weight or metric added
Even if the wifi nic address from the cable/wifi provider are different this should be doable regardless if the gw addresses are the same or not.
The pfsense SW would see the first packet to cisco.com use nic 1 for next hop resolution, dns and the entire flow. Then the next packet for let's say hp.com would use nic 2 for next hop resolution, dns and entire flow. And so forth etc.
In one way the wifi nics and associated addresses can be completely oblivious to each other and pfsense would implement some form of SIN routing so I can aggregate my bandwidth.
That would be awesome if this is doable. A great experiment and saves me the need to get another cable internet feed. And yes we don’t know how old the update is on the site whether beta 2.0 or beyond can load balance or not.
Thanks again Efonne and Jimp for your help. It is greatly appreciated and hopefully someone has tried this and comes forward with some additional insight as to if this is doable. Otherwise, I shall give it a week and try for myself and share with the gang the results.
Regards and if I don’t hear back from anyone have a great holiday weekend.
As I said, it is not possible if both have the same gateway.
Interface routing might work only in rare cases where the WAN is an actual point-to-point link which does not require a gateway.
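Added example, not part of the thread and not pfSense code: a pre-flight check that takes the DHCP leases of each candidate WAN and reports the pairs that hit the constraint discussed above (same gateway, or the same subnet that Efonne was unsure about). Interface names and addresses are constructed (RFC 5737 documentation ranges), and the `wifi2_nat` case assumes a small NAT device placed in front of the second radio as jimp suggests.

```python
import ipaddress
from itertools import combinations

def parse_lease(name, cidr, gateway):
    """Build a lease record and reject a gateway that is off-link."""
    iface = ipaddress.ip_interface(cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        raise ValueError(f"{name}: gateway {gw} is outside {iface.network}")
    return {"name": name, "iface": iface, "gateway": gw}

def multiwan_conflicts(leases):
    """Return (wan_a, wan_b, reason) for every pair that cannot be
    treated as two independent WANs according to the thread."""
    findings = []
    for a, b in combinations(leases, 2):
        if a["gateway"] == b["gateway"]:
            # Stated in the thread as not possible.
            findings.append((a["name"], b["name"], "same-gateway"))
        elif a["iface"].network.overlaps(b["iface"].network):
            # Different gateways on one subnet: flagged as uncertain.
            findings.append((a["name"], b["name"], "same-subnet"))
    return findings

# Constructed leases: both radios associated to the same provider network.
DIRECT = [
    parse_lease("wifi1", "192.0.2.37/24", "192.0.2.1"),
    parse_lease("wifi2", "192.0.2.142/24", "192.0.2.1"),
]

# Constructed leases: second radio sits behind a small NAT device, so the
# firewall sees a private subnet and a different gateway on that WAN.
WITH_NAT = [
    DIRECT[0],
    parse_lease("wifi2_nat", "192.168.50.2/24", "192.168.50.1"),
]

# Constructed leases: one subnet, two different gateways.
SPLIT_GW = [
    parse_lease("wifi1", "198.51.100.10/24", "198.51.100.1"),
    parse_lease("wifi2", "198.51.100.20/24", "198.51.100.254"),
]

if __name__ == "__main__":
    for label, leases in (("direct", DIRECT), ("with NAT", WITH_NAT),
                          ("split gateway", SPLIT_GW)):
        print(label, multiwan_conflicts(leases) or "no conflict")
```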