Multi wan with same INET provider

RpR

I have a project where I want to install a pfsense firwall but both wan has the same isp and dns options.
Will this be a problem to make a failover?

Nachtfalke

I am not sure at all, but it is possible to enter "Monitor IPs" on each interface. So you should enter diffrent monitor IPs for your WAN interfaces to make a difference. Further you could enter other DNS servers like googles DNS 8.8.8.8

Another possibility could be, that you use one WAN with pppoe directly connected and the other WAN connected to another router which uses a second NAT.

ISP–-----------------WAN1 (NAT)-
                                                  ----pfSense----LAN
ISP---router (NAT)----WAN2 (NAT)--/

I think, this should work.

jimp

You need the second router scenario if both circuits are from the same ISP

Nachtfalke

Now I've got a question, too.
Is this only a problem if I've got two WAN from one ISP with STATIC IPs or do I still have this problem if I've got two WAN from one ISP with PPPoE and dynamic IPs (changing every 24h).

Is there some documentation to read more about this ?

Thanks.

jimp

If the second line is in a different subnet with a different gateway (as is often the case with static vs dynamic subnet blocks) then it would be fine.

Nachtfalke

Hi again,

now I'm totally unsure if the following scenario will work.
I have got to WAN connections from one ISP (T-Online).

At the moment I use this structure for my testing scenario:

ISP –- PPPoE Router with NAT --- 192.168.0.0/24 ---
                                                                          --- pfSense with NAT ---- LAN
ISP --- PPPoE Router with NAT --- 192.168.1.0/24 --- /

This scenario works fine but the final scenario should look like this:

ISP --- PPPoE Modem ---
                                    --- pfSense with NAT ---- LAN
ISP --- PPPoE Modem --- /

Both WAN connections are DSL with changing IP address every 24 hours.
When I was at work this morning, I took a look at my two routers (Fritz!box) and they only showed me their WAN IP address but no gateway. The first 16 bits of the IP were equal like 87.237.x.x and the last 16 bits were different.

1. Will this work with Load Balancing and Failover ?
2. If not, what other possibilities do I have - the second scenario of my post above ?
3. How could I find out in which subnet my ISP put me ?

I took a look in the pfSense book on chapter 11 but there are some differents between pfSense 1.2.3 and 2.0.

Thanks for your answer and sorry for asking such stupid questions. :-\

jimp

Knowing the IPs is meaningless without also knowing the subnet mask, and the gateway does matter.

If they have the same gateway, or reside in the same subnet, the best you might hope for at the moment is to end up with one line directly connected and one line behind NAT.

Nachtfalke

Hi jimp,

at home I'm using the same ISP as on work. Here I'm using a small D-Link router and the status page ist telling me this:

Connection            PPPoE Connected 
IP Address            84.177.208.44
Subnet Mask          255.255.255.255
Default Gateway    84.177.208.44
DNS                      217.0.43.97 217.0.43.113

Will this help you and in the end me ?

jimp

Looks like it may be OK as long as the gateway is different then.

Nachtfalke

Is this something that every ISP could handle like he wants ?
The back of my book tells me, that you are the absolutly expert containing ISP questions ;)

jimp

Well many ISPs wouldn't budge (or care) on a gateway/network config for an end user line like that unless they're already setup to do so.

Some support MLPPP for true PPPoE link bonding, which is the ideal situation here.

Nachtfalke

Great!

I reconnected my router and I got a new IP and Gateway with 255.255.255.255 subnet mask.

Thank you very much jimp for taking the time for me and my question. No I can enjoy my vacation ;-)