Netgate Discussion Forum

    2 wans, one for WWW and the other for everything else

      Feynman

      I'm trying to set up pfSense to direct all port 80 (www) traffic over WAN 1 (which is hooked up to an AT&T DSL line) and everything else over OPT1 (which is connected to a Cisco router, then a T1).

      The reason for this is the Cisco router has historically been our main internet connection but it also has a site-to-site VPN with another location with people doing mission-critical operations such as remote desktop, transferring files, etc. Whenever there is a big internet download happening it severely degrades the performance of the other operations happening over the VPN.

      My hope is that by separating them out in this way the VPN services will stabilize a bit, however I am not entirely sure the best way to do it.

      So I set up all the interfaces and I'm logged into pfSense for the first time. I'm GUESSING I go to firewall rules, WAN, and create a new rule that says PASS on the WAN interface all TCP packets with a source and destination port WWW to the gateway 99.124.205.x which is the AT&T gateway.

      Then on the OPT1 rules I pass on the OPT1 interface all TCP packets that are NOT (I use the "not" checkbox) from a source or destination WWW to the gateway 10.1.0.1 (this is the Cisco router, and was the gateway everyone uses currently for internet AND VPN traffic).

      My first question: is this the best way to do it? It actually seems to work in my testing. If I go to "whatismyipaddress.com" it returns the AT&T IP address but I can still access VPN resources.

      However, VPN seems quite a bit slower than it was without pfSense sitting in between. Remote desktop is especially choppy/laggy. Is there something I'm missing to improve performance? Thanks for any help!

        max_ens

        easy tcp_outgoing_address

          znelbok

          I don't get what you have done.

          If you set it up on the WAN and OPT1, then isn't that for incoming connections from the internet?

          My logic to me says to add the rules to the LAN set.

          I am struggling with a similar setup where I need to use two different WAN connections for specific applications.

          Mick
