Multi wan with private IPs
Hi, I hope someone can help with this.
I have three Netgear DG834 ADSL routers connected to the WAN, OPT1 and OPT2 interfaces on a pfSense box which is also connected to the LAN.
The WAN connection has a 62.49.x.y/29 allocation so the router and pfsense have external addresses.
OPT1 is 192.168.10.3 with a gateway of 192.168.10.1; the router also has an 81.174.x.y/32 external address.
OPT2 is 192.168.11.4 with a gateway of 192.168.11.4; the router also has an 80.229.x.y/32 external address.
The LAN is 192.168.70.0/24.
I've followed the MultiWAN doc: http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x to set up load balancing. The problem is that a client on the LAN will get connection timeouts when browsing or pinging, with occasional bouts of it working. If I ping www.google.co.uk from the pfsense diagnostics menu, it works on the WAN but not on either OPT interface. A server sitting outside pfsense on the 192.168.10.x network has no problem accessing external addresses with 192.168.10.1 as its default gateway.
I'm guessing it's some sort of routing problem.
If you do "internal" then you must disable NAT (set Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)), click save, then remove the auto-generated NAT rule and save). Then PF is a router only; the NAT is done by the Netgear.
If you do "external", then ensure that NAT is enabled on PF.
You can mix and match, i.e. internal on say wan and external on opt1 and opt2, but make sure that you set the NAT rules for the external-addressed interfaces and not for the internal ones.
So, re-reading your post (!), you need to use NAT for wan but not for opt1 and opt2. You should have exactly 1 outbound NAT rule.
Sorry for the late reply.
I tried this but I lose all connectivity when I choose Manual Outbound NAT and leave the automatic WAN mapping that appears below.
Switching back to Automatic outbound NAT restores the intermittent connectivity.
Disable the bogon routing function, it's under the WAN interface; that way all private IPs will then be routed.
I've reduced the problem to this:
I have a LoadBalance pool with OPT1 (gateway 192.168.10.1) and OPT2 (gateway 192.168.11.1).
In the LAN firewall rules, at the bottom, I have set up:
LAN net * * * 192.168.11.1 OPT2 (WAN3) gateway only
LAN net * * * 192.168.10.1 OPT1 (WAN1) gateway only
LAN net * * * LoadBalance Load Balance
LAN net * * * * Everything else gets shared out
I disable OPT1 and LoadBalance so all internet traffic goes out 192.168.11.1; swap it out for OPT1 and all traffic goes out 192.168.10.1.
Using the ip.php script on pfsense.org I can see the external addresses of these two routers changing respectively.
However, when I disable the OPT1 and OPT2 rules and bring the LoadBalance rule on-line, it only works when the round robin system selects the last OPT interface I had active before.
Un-ticking 'Use sticky connections' in System -> Advanced -> Load Balancing did the trick!
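For reference, here is the rule set this thread converges on written out in raw pf syntax, as an added illustration rather than anything posted above or generated by pfSense itself: one outbound NAT rule on the public-addressed WAN only, no NAT on OPT1/OPT2 (the Netgears translate), and a round-robin route-to pool without `sticky-address`, which is assumed here to be the pf keyword behind "Use sticky connections". Interface names em0-em3 are assumed.

```pf
# Interface names are assumed; substitute the ones on the box.
wan_if  = "em0"   # public 62.49.x.y/29 address
opt1_if = "em1"   # 192.168.10.3, Netgear at 192.168.10.1 does the NAT
opt2_if = "em2"   # 192.168.11.4, Netgear at 192.168.11.1 does the NAT
lan_if  = "em3"
lan_net = "192.168.70.0/24"
opt1_gw = "192.168.10.1"
opt2_gw = "192.168.11.1"

# Exactly one outbound NAT rule: only the WAN carries a public address.
# OPT1/OPT2 stay untranslated so the Netgears see 192.168.70.x sources and
# NAT them; each Netgear then needs a route for 192.168.70.0/24 pointing
# back at the pfSense OPT address, or replies never find their way home.
nat on $wan_if from $lan_net to any -> ($wan_if)

# "gateway only" test rules, one per OPT link. Leave them commented out
# (or disabled in the GUI) so the load-balance rule below can match.
# pass in quick on $lan_if route-to ($opt2_if $opt2_gw) from $lan_net to any keep state
# pass in quick on $lan_if route-to ($opt1_if $opt1_gw) from $lan_net to any keep state

# Load balance across both OPT links. Appending "sticky-address" after
# round-robin pins every new connection from a given LAN host to whichever
# gateway pf picked for it first, which is the behaviour the thread
# observed as "only works on the last OPT interface I had active".
pass in quick on $lan_if route-to { ($opt1_if $opt1_gw), ($opt2_if $opt2_gw) } round-robin from $lan_net to any keep state

# Everything else is shared out over the default route (WAN).
pass in quick on $lan_if from $lan_net to any keep state
```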