2 wans, one for WWW and the other for everything else

  • I'm trying to set up pfSense to direct all port 80 (www) traffic over WAN 1 (which is hooked up to an AT&T DSL line) and everything else over OPT1 (which is connected to a Cisco router, then a T1).

    The reason for this is the Cisco router has historically been our main internet connection, but it also has a site-to-site VPN with another location with people doing mission-critical operations such as remote desktop, transferring files, etc. Whenever there is a big internet download happening it severely degrades the performance of the other operations happening over the VPN.

    My hope is that by separating them out in this way the VPN services will stabilize a bit; however, I am not entirely sure of the best way to do it.

    So I set up all the interfaces and I'm logged into the pfSense for the first time. I'm GUESSING I go to firewall rules, WAN, and create a new rule that says PASS on the WAN interface all TCP packets with a source and destination port WWW to the gateway 99.124.205.x, which is the AT&T gateway.

    Then on the OPT1 rules I pass on the OPT1 interface all TCP packets that are NOT (I use the "not" checkbox) from a source or destination WWW to the gateway (this is the Cisco router, and was the gateway everyone uses currently for internet AND VPN traffic).

    My first question is: is this the best way to do it? It actually seems to work in my testing. If I go to "whatismyipaddress.com" it returns the AT&T IP address, but I can still access VPN resources.

    However, the VPN seems quite a bit slower than it was without pfSense sitting in between. Remote desktop is especially choppy/laggy. Is there something I'm missing to improve performance? Thanks for any help!

  • easy tcp_outgoing_address

  • I don't get what you have done.

    If you set it up on the WAN and OPT1, then isn't that for incoming connections from the internet?

    My logic to me says to add the rules to the LAN set.

    I am struggling with a similar setup where I need to use two different WAN connections for specific applications.
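Added example (not from any poster in this thread): the same policy-routing setup written in the pf rule syntax that pfSense generates from its GUI rules, which shows why the rules belong on the LAN interface and why they match the destination port. The interface names, the LAN and remote VPN subnets, and both gateway addresses are placeholders I assumed.

```pf
# Constructed example: pf rules equivalent to the two-WAN setup discussed
# in this thread. All names, subnets and addresses are placeholders.
lan_if  = "em0"
wan_if  = "em1"              # AT&T DSL line
opt1_if = "em2"              # Cisco router / T1, also carries the site-to-site VPN
lan_net = "192.168.1.0/24"
vpn_net = "172.16.0.0/16"    # assumed subnet at the far end of the Cisco VPN
wan_gw  = "99.124.205.1"     # placeholder for the AT&T gateway
opt1_gw = "10.0.0.1"         # placeholder for the Cisco router

# Translation rules come before filter rules in pf. Each outbound path NATs
# to its own interface address so replies return on the link they left by.
# Traffic for the VPN subnet is left un-NATed so the Cisco sees LAN sources.
nat on $wan_if  inet from $lan_net to any        -> ($wan_if)
nat on $opt1_if inet from $lan_net to ! $vpn_net -> ($opt1_if)

# Policy routing is applied to packets ENTERING the LAN interface, i.e. the
# clients' outbound connections, not to packets arriving on WAN or OPT1.
# Only the destination port is meaningful: a browser's source port is
# ephemeral, so "source or destination port 80" would mis-classify traffic.
# "quick" makes the first matching rule win, so order matters.

# 1. Anything for the remote site stays on the Cisco path, even on port 80,
#    otherwise web traffic to the other office would leak out the DSL line.
pass in quick on $lan_if route-to ($opt1_if $opt1_gw) inet from $lan_net to $vpn_net keep state

# 2. HTTP to the Internet goes out the DSL line.
pass in quick on $lan_if route-to ($wan_if $wan_gw) inet proto tcp from $lan_net to any port 80 keep state

# 3. Everything else (including VPN control traffic and RDP) goes out via OPT1.
pass in quick on $lan_if route-to ($opt1_if $opt1_gw) inet from $lan_net to any keep state
```

In the pfSense GUI this corresponds to three LAN rules in the same order with the Gateway field set on each, rather than rules on the WAN and OPT1 tabs.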

