Dual-Wan Pf-Sense 2.0

  • So to start , this is the first time i'm posting on PfSense forum and i'm basicaly a new PF user , i've discovered this true google search , at first i was using pf for home network traffic shapping and was very satisfied with the result it gave me.

    Now i have a new setup up, ….

    basicaly i have  acces to 2 ISP (adsl 5Mbps + cable 12Mbps) , i pay for access on one and the other is a public acces point for the whole building were i live, both modems are connected true wireless routers with different ssid's and dhcp's on for both routers , but both of them are configured with default ip adresses...ex.: wich i dont want to change.

    i've setup 2 different Pfsense boxes to get this to work...

    Pf Boxes config...

    | and _ = cat 5

    or <<< = WiFi

    (adsl)                                                          (cable)
                          |                                                                |
                Router #1 (SSID BLABLA1)                            Router #2 (SSID BLABLA2)

    >>>                                                        >>>

    <<< (PfSense #1)                                    <<< (PfSense #2)
                              |(NIC 10/100)                                                  |    |
                              |                                            (NIC #2 10/100)|    |___(NIC #1 10/100)
                              |                                                                  |                    |
                              |                                                                  |                    |
                              |__________________________|                    |
                                              (Cross CAT5)                                    (8 port Switch + wrls router nat disabled)

                                                                                                                        >>>                              |    |    |          |
                                                                                                                                                            |    |    (Xbmc)  |
                                                                                                                                                            |  (PC)              |
                                                                                                                <<<          <<<        <<<          |                    (PC)
                                                                                                            (Laptop)      (Xbox360)  (Wii)        |
                                                                                                          <<<                <<<                    (PC)
                                                                                                        (iPhone)            (Laptop)

    PfSense #1
    WAN static IP ( this adress is in DMZ on router #1
    Gateway (

    LAN static ( enable yes

    PfSense #2
    WAN static IP ( this adress is in DMZ on router #2
    Gateway (

    LAN static ( enable yes

    WAN2 (OPT1) Static IP (
    Gateway (

    System/General setup/DNS

    Group name:
    Default LAN -> any

    up to now everything is working as expected, i get internet from both modems, pfsense #2 is loadbalancing everything, i create some ruels here and there for http sites wich doesnt allow more than 1 ip a the time.. the trouble is when i try to open port for Bittorrent client(uTorrent)... not everything going so great

    i've set NAT rules for the static outgoing port uTorrent is using on both wan and wan2 .. but only port from wan is opening , wan2 doesnt want to forward properly .. i get the reason is from the pfsense box #1 ... so how to i configure pf#1 to let everything true to pf#2(specialy ports, since you cant forward twice the same port on a network)? i guess i could disable  firewall on pfsense #1 but when i do that the gateway fall offline and i get no internet from wan2 anymore on pf#2...

    i know this is pretty much a noob setup but i'm still newbie myself when it comes for networking but i want to learn (that's why i'm a telecomunication student right now ;)... or anywais if any of you have better setup to propose i'm all ear


    p.s. sorry for my bad english by the way


    problem solved by opening port on pfsense#1 for wan2 interface adress then.. in pfsense #2 pot forward tab, add NAT entry for bitorrent machine ex + add associated rules ...

    it's been a week since i was trying to get this to work properly but now it seems all ok .. next step i guess will be the traffic shaping

  • ouff i see people really like to help out noobs here ouff .. anywais i'm asking another question but i really dont expect to get any help since i'm not a paying customer

    is there a reason why wireless transmit rates drops from 54 to 1 Mpbs on the infrastructure AP side the minute i launch my torrents ?

    edit… problem not solved.. just dont know why the transmit rate would drop out like this .. there are some interferences but i dont think nobody's using theire microwave oven for an hour or more and there are no wireless phone operating in the 2.4GHz band except a cell phone once in a while but not for hours a the time so how could the wireless transmit drop  like this? i know the AP is transmiting at 54MBps all the time and when i connect directly with a laptop i get 54MBps network .... so this only comes from the pfbox....

    i know i'm writing here for nothing and i will get no support whatsoever but well i have to try anywais

  • Firstly, you don't need 2 pFsense boxes.  You need only configure one of the wireless gateway/ modems to use a different LAN IP subnet and use the 2nd box to load balance between the 2.  ie.  You'd have Router #1 use 24 and Router #2 use  pFsense #2 would be connected to Router #1 directly using NIC #2.  If the pfsense boxes are somehow connected via wireless for uplinks, then install 2 wireless cards in pfsense #2 and connect each separately to the 2 modem-gateways.  (I can't quite work out your acsii art)

    Makes life a lot easier since you don't have to consider another box (pfsense #1) up the chain.  Less latency and no need to worry about additional potential hardware failure.  Also, you can always setup Pfsense #1 as a CARP failover if you want (since you already have the hardware).

    I'm not quite sure where your wireless is being served out from though.  Is wrls short for wireless?  If so, don't connect it via the WAN port.  Just set an unused private IP for the WAN (say, and hook the unit up via its LAN port.  This turns it into an access point and it doesn't need to route traffic.  Torrenting is killer for most consumer/ prosumer routers.
    Even with NAT turned off, the router is still routing if it's connected through the WAN.

  • for faster response use the paid support options that are available,, the forums are where people donate their time and expertise when they can.

    like dreamslacker stated, you dont need two devices, just set up a dual wan config without the load balancing, but possibly with failover. there is a wiki on how do both.

Log in to reply