Routers absolutely necessary for dual wan?



  • Hi everyone, I would really appreciate some help if possible.

    Here is my current setup:

    WAN1 –[Modem]–----
                                  |
                                [pfSense]–-----------LAN
                                  |
    WAN2 --[Modem]–----

    Modems are Dlink DSL 300T.
    These modems pass the public IP addresses over to each PfSense interfaces.

    Pfsense Interfaces:
    LAN IP = 192.168.1.254
    WAN1 IP = Static IP (manually configured) = x.x.x.46/30 | GW: x.x.x.45
    OPT1 IP = Static IP (automatically Via DHCP) = x.x.x.9 | GW: ??

    The LAN users are currently using the WAN1 for internet access, everything is working fine.
    The LAN users cannot use OPT1 for internet access for some reason. The link is up and ping-able from outside.
    I think it has something to do with routing.
    The default route for pfSense is set to the Gateway address of WAN1 (x.x.x.45).
    However the Gateway address of OPT1 is set to 127.0.0.1.

    I have read almost every post on the forum regarding dual WAN and load balancing which are relevant.
    I have also read the two guides available on the pfsense website.
    One thing that is still not clear is about the hardware side of the situation.
    Is it absolutely necessary to use a router in between each modem and pfsense in order to set up the outgoing load balancing and automatic failover?

    I am also having trouble setting up the load balancing configuration because of this.
    What IP addresses can I use for the monitor IP's?
    PfSense tells me it cannot use the IP addresses already assigned to the interfaces.
    I do not have enough public IP addresses to add any to a pool either.

    Many thanks in advance for any input given or anyone who can point me in the right direction regarding the load balancing pool with specific details.



  • I have had difficulty with load balancing when WAN links were in the same subnet (same ISP).  I connected NAT routers to my pfSense box and statically assigned IPs to my WAN interfaces.  Every WAN link lives it its own unique subnet and has a static IP/gateway.

    In your case, I'd suggest you connect a NAT router to OPT1 as it has the tricky DHCP assignment.  Your WAN interface should be fine as it is.

    Set your ISPs gateway (or DNS server or google.com!?) as your monitor IP.  You cannot use the same monitor IP more than once in any of your LB pools.  They must be unique.



  • Each WAN link is supplied by completely different ISP's on different subnets. Despite the fact that OPT1 has an IP address assigned by DHCP it has had the same IP address for the last 6 months.

    Thanks for the tip on monitor IP's :D

    With a static IP you are given a seperate IP address for a gateway.
    When you are automatically assigned an IP from an ISP they do not let you know your gateway IP, so how can I find out?

    In the Status>Interfaces section of PfSense, for OPT1 the gateway address is exactly the same as the IP address.
    When I try and use this IP address as the gateway address for the Load Balancer. I get an error:

    The following input errors were detected:

    * x.x.x.9 is currently being referenced by an interface ip address on opt1.



  • Ok sorry if I have wasted some peoples time. I have now sorted that problem out and the Load Balancer is configured.
    I managed to use the next Hop of the ISP on OPT1 connection and ive used the ISP dns server as the monitor IP.

    I have followed the intructions mentioned on here: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing
    Due to the fact that I am not using routers in between pfSense and the modems, does that mean I do not have to make use of Advanced outbound NAT?

    However the Load Balancing still does not work, all traffic from LAN users keeps going through WAN1 every single time.
    Where is the documentation regarding routing and the configuration of the firewall rules?

    Please help.



  • dit you set youre firewall rules to use the loadballingspool insted of the default gateway?



  • Yeh I've made sure of that. Thanx though :)

    People seem to be reading this thread but not many can be bothered to input. If anyone is reading, can you just answer me one thing please?

    Am I going to have to use a router in between the OPT1 interface and the modem in order to get this working due to DHCP?
    I have read in some places that this load balancing/auto failover will not work unless you have static IP's both sides.
    But other people seem to have got it working without using static IP's so there seems to be a mixed opinion around the place.



  • advanced outbound nat use is option and only needed if you have some special settings like CARP or VIPs at an interface. pfSense will do NAT automatically at each interface that has a gateway set.



  • Ok, noted. Thanx hoba.



  • @Timmeh:

    Hi everyone, I would really appreciate some help if possible.

    Here is my current setup:

    WAN1 –[Modem]–----
                                   |
                                 [pfSense]–-----------LAN
                                   |
    WAN2 --[Modem]–----

    Modems are Dlink DSL 300T.
    These modems pass the public IP addresses over to each PfSense interfaces.

    Pfsense Interfaces:
    LAN IP = 192.168.1.254
    WAN1 IP = Static IP (manually configured) = x.x.x.46/30 | GW: x.x.x.45
    OPT1 IP = Static IP (automatically Via DHCP) = x.x.x.9 | GW: ??

    The LAN users are currently using the WAN1 for internet access, everything is working fine.
    The LAN users cannot use OPT1 for internet access for some reason. The link is up and ping-able from outside.
    I think it has something to do with routing.
    The default route for pfSense is set to the Gateway address of WAN1 (x.x.x.45).
    However the Gateway address of OPT1 is set to 127.0.0.1.

    I have read almost every post on the forum regarding dual WAN and load balancing which are relevant.
    I have also read the two guides available on the pfsense website.
    One thing that is still not clear is about the hardware side of the situation.
    Is it absolutely necessary to use a router in between each modem and pfsense in order to set up the outgoing load balancing and automatic failover?

    I am also having trouble setting up the load balancing configuration because of this.
    What IP addresses can I use for the monitor IP's?
    PfSense tells me it cannot use the IP addresses already assigned to the interfaces.
    I do not have enough public IP addresses to add any to a pool either.

    Many thanks in advance for any input given or anyone who can point me in the right direction regarding the load balancing pool with specific details.

    Follow this:
    http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

    I successed with this document.


Locked