MultiWan opt1 i/f not working
-
I've read through a lot of the multiwan issues listed here as well as the tut but I'm still having a problem. Setup is:
wan1 (pppoe ) <-----> internet
internal lan ( 192.168.150.x ) <----->192.168.150.42 pfsense
opt1 10.1.1.2 <-------> 10.1.1.1 cisco 196.30.x.x <-------->
In normal operation, wan1 works fine and traffic flow to/from the internet over adsl works well. I can also ping the cisco's internal interface from pfsense or the internal lan. I assume the wan1 link ( pppoe ) will set default route and override anything else set. However, the moment I enable advanced outbound nat, pinging from pfsense to the router stops working. I go further and create the 2 outbound nat entries:
opt1 source ( lan ) dest ( * )
wan1 source ( lan ) dest ( * )
and I create the lan rules:
source * dest port 25 gateway = 10.1.1.1
source * dest * gateway = default
Wan stuff continues to work ( eg. above <>25 ) but there is nothing over the opt1 link and I can't ping the router from either pfsense or the internal lan. If I switch off advanced outbound nat, then pinging the router works again but of course there is no policy based routing then. It seems fairly logical but I just can't get it to work. Any assistance would be appreciated.
-
1st you need static gateway IPs for this to work. Is your PPPoE static? If yes, is your gateway and IP at WAN identical or is it different?
2nd don't create advanced outbound NAT rules. This is not needed anymore or only for some special setups where you need it for something else.
Which tutorial did you follow? Have a look at http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing .
-
Hi Hoba, thanks for the quick reply.
I'm looking for policy-based routing and not load balancing ( my links are different types ) so I've followed this doc:
http://www.pfsense.com/mirror.php?section=tutorials/policybased_multiwan/policybased_multiwan.pdf
1. My pppoe is not static - it is dhcp assigned by the isp. As far as I remember the gateway for these pppoe links are the interface itself …
2. are you saying that I just use the policy rules in the firewall rules section then, no firewall - outbound nat? Can you explain under what circumstances you might use adv ob nat?
I'm running 1.0.1 by the way if that helps any. Thanks. Robby
-
pfSense will create outbound nat automatically in the background for interfaces that have a gateway. That's why you don't need advanced outbound nat. You need it if you use carp for example where you don't have to use the real interface address for the natting but the virtual CARP IP or if you have multiple virtual IPs which you want to map to special hosts in your lan.
For loadbalancing and policybasedrouting you need static gateways. It won't work with dynamically assigned addresses (unless your gateway at the dhcp wan is always the same). If that's not the case fake the static gateway the same way that you faked it at the optwan.
-
Thanks Hoba,
According to your response, I think maybe the following will work:
wan1 10.1.2.2 <--------> 10.1.2.1 adsl router (pppoe/dhcp ) <-----> internet
internal lan ( 192.168.150.x ) <----->192.168.150.42 pfsense
opt1 10.1.1.2 <-------> 10.1.1.1 cisco 196.30.x.x <-------->
So instead of pfsense doing the pppoe, I insert another private network and use an adsl router to do the pppoe. From pfsense's p.o.v., the gateway ( 10.1.2.1 on adsl router ) stays static. At the moment, I'm using a bridge adsl modem.
Your comment?
Regards, Robby
-
Yes, you got it. If the routers that you use in front have a DMZ/expedited host feature, enter the LAN IPs of the pfSense there.