Multi wan with private IPs

  • Hi, I hope someone can help with this.

    I have three Netgear DG834 ADSL routers connected to the WAN, OPT1 and OPT2 interfaces on a pfSense box which is also connected to the LAN.

    The WAN connection has a 62.49.x.y/29 allocation so the router and pfSense have external addresses.

    OPT1 is with a gateway of, the router also has a 81.174.x.y/32 external address.

    OPT2 is with a gateway of, the router also has a 80.229.x.y/32 external address.

    The LAN is

    I've followed the MultiWAN doc: to set up load balancing. The problem is that a client on the LAN will get connection timeouts when browsing or pinging, with occasional bouts of it working. If I ping from the pfSense diagnostics menu: it works on the WAN but not on either OPT interface. A server sitting outside pfSense on the 192.168.10.x network has no problem accessing external addresses with as its default gateway.

    I'm guessing it's some sort of routing problem.


  • If you do "internal" then you must disable NAT (set Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)), click save, then remove the auto-generated NAT rule and save). Then PF is now a router only; the NAT is done by the Netgear.

    If you do "external", then ensure that NAT is enabled on PF.

    You can mix and match, i.e. internal on say WAN and external on OPT1 and OPT2, but make sure that you set the NAT rules for the external addressed interfaces and not for the internal ones.

    So re-reading your post (!) you need to use NAT for WAN but not for OPT1 and OPT2. You should have exactly 1 outbound NAT rule.


  • Sorry for the late reply.

    I tried this but I lose all connectivity when I choose Manual Outbound NAT and leave the automatic WAN mapping that appears below.

    Switching back to Automatic outbound NAT restores the intermittent connectivity.


  • Disable the bogon routing function; it's under the WAN interface. That way all private IPs will then be routed.

  • I've reduced the problem to this:

    I have a LoadBalance pool with OPT1 (gateway and OPT2 (gateway

    In the LAN firewall rules, at the bottom, I have setup:

    • LAN net * * *      OPT2 (WAN3) gateway only

    • LAN net * * *   OPT1 (WAN1) gateway only

    • LAN net * * * LoadBalance   Load Balance

    • LAN net * * * *                   Everything else gets shared out

    I disable OPT1 and LoadBalance so all internet traffic goes out, swap it out for OPT1 and all traffic goes out

    Using the ip.php script on I can see the external addresses of these two routers changing respectively.

    However, when I disable the OPT1 and OPT2 rules, and bring the LoadBalance rule on-line, it only works when the round robin system selects the last OPT interface I had active before.

  • Un-ticking 'Use sticky connections' in System -> Advanced -> Load Balancing did the trick!
