Multi wan with same INET provider



  • I have a project where I want to install a pfSense firewall, but both WANs have the same ISP and DNS options.
    Will this be a problem to make a failover?



  • I am not sure at all, but it is possible to enter "Monitor IPs" on each interface. So you should enter different monitor IPs for your WAN interfaces to make a difference. Further, you could enter other DNS servers like Google's DNS 8.8.8.8

    Another possibility could be that you use one WAN with PPPoE directly connected and the other WAN connected to another router which uses a second NAT.

    ISP-------------------WAN1 (NAT)--\
                                       ----pfSense----LAN
    ISP---router (NAT)----WAN2 (NAT)--/

    I think, this should work.


  • Rebel Alliance Developer Netgate

    You need the second router scenario if both circuits are from the same ISP



  • Now I've got a question, too.
    Is this only a problem if I've got two WANs from one ISP with STATIC IPs, or do I still have this problem if I've got two WANs from one ISP with PPPoE and dynamic IPs (changing every 24h)?

    Is there some documentation to read more about this?

    Thanks.


  • Rebel Alliance Developer Netgate

    If the second line is in a different subnet with a different gateway (as is often the case with static vs dynamic subnet blocks) then it would be fine.



  • Hi again,

    now I'm totally unsure if the following scenario will work.
    I have got two WAN connections from one ISP (T-Online).

    At the moment I use this structure for my testing scenario:

    ISP --- PPPoE Router with NAT --- 192.168.0.0/24 --- \
                                                          --- pfSense with NAT ---- LAN
    ISP --- PPPoE Router with NAT --- 192.168.1.0/24 --- /

    This scenario works fine but the final scenario should look like this:

    ISP --- PPPoE Modem --- \
                             --- pfSense with NAT ---- LAN
    ISP --- PPPoE Modem --- /

    Both WAN connections are DSL with changing IP address every 24 hours.
    When I was at work this morning, I took a look at my two routers (Fritz!box) and they only showed me their WAN IP address but no gateway. The first 16 bits of the IP were equal like 87.237.x.x and the last 16 bits were different.

    1. Will this work with Load Balancing and Failover?
    2. If not, what other possibilities do I have - the second scenario of my post above?
    3. How could I find out in which subnet my ISP put me?

    I took a look in the pfSense book on chapter 11 but there are some differences between pfSense 1.2.3 and 2.0.

    Thanks for your answer and sorry for asking such stupid questions. :-\


  • Rebel Alliance Developer Netgate

    Knowing the IPs is meaningless without also knowing the subnet mask, and the gateway does matter.

    If they have the same gateway, or reside in the same subnet, the best you might hope for at the moment is to end up with one line directly connected and one line behind NAT.
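
The rule from the reply above (different subnet and different gateway is fine; same gateway or same subnet leaves one line direct and one behind NAT), as an added example that is not part of the thread or of pfSense. The function names and all addresses are constructed for illustration.

```python
import ipaddress

def wan_conflicts(wan_a, wan_b):
    """Reasons two WANs cannot both be attached directly (empty list = fine)."""
    # The mask is required: the same IPs give different answers with /32 and /24.
    net_a = ipaddress.ip_interface(f"{wan_a['ip']}/{wan_a['mask']}").network
    net_b = ipaddress.ip_interface(f"{wan_b['ip']}/{wan_b['mask']}").network
    reasons = []
    if ipaddress.ip_address(wan_a["gateway"]) == ipaddress.ip_address(wan_b["gateway"]):
        reasons.append("same gateway")
    if net_a.overlaps(net_b):
        reasons.append("same subnet")
    return reasons

def placement(wan_a, wan_b):
    """Map the check onto the two layouts discussed in the thread."""
    if wan_conflicts(wan_a, wan_b):
        return "one line direct, one line behind a NAT router"
    return "both lines direct"

# Constructed sample values (RFC 5737 documentation ranges), not real ISP data.
PPPOE_1 = {"ip": "203.0.113.10", "mask": "255.255.255.255", "gateway": "192.0.2.1"}
PPPOE_2 = {"ip": "203.0.113.77", "mask": "255.255.255.255", "gateway": "192.0.2.2"}
STATIC_1 = {"ip": "198.51.100.10", "mask": "255.255.255.0", "gateway": "198.51.100.1"}
STATIC_2 = {"ip": "198.51.100.20", "mask": "255.255.255.0", "gateway": "198.51.100.1"}
# Same addresses as the PPPoE pair, but with a /24 mask: now one shared subnet.
WIDE_1 = dict(PPPOE_1, mask="255.255.255.0")
WIDE_2 = dict(PPPOE_2, mask="255.255.255.0")

if __name__ == "__main__":
    cases = [("pppoe /32", PPPOE_1, PPPOE_2),
             ("static /24", STATIC_1, STATIC_2),
             ("same IPs, /24 mask", WIDE_1, WIDE_2)]
    for name, a, b in cases:
        print(f"{name}: {wan_conflicts(a, b) or 'no conflict'} -> {placement(a, b)}")
```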



  • Hi jimp,

    at home I'm using the same ISP as at work. Here I'm using a small D-Link router and the status page is telling me this:

    Connection            PPPoE Connected 
    IP Address            84.177.208.44
    Subnet Mask          255.255.255.255
    Default Gateway    84.177.208.44
    DNS                      217.0.43.97 217.0.43.113

    Will this help you and in the end me?


  • Rebel Alliance Developer Netgate

    Looks like it may be OK as long as the gateway is different then.



  • Is this something that every ISP could handle like he wants?
    The back of my book tells me that you are the absolute expert concerning ISP questions ;)


  • Rebel Alliance Developer Netgate

    Well, many ISPs wouldn't budge (or care) on a gateway/network config for an end user line like that unless they're already set up to do so.

    Some support MLPPP for true PPPoE link bonding, which is the ideal situation here.



  • Great!

    I reconnected my router and I got a new IP and Gateway with 255.255.255.255 subnet mask.

    Thank you very much jimp for taking the time for me and my question. Now I can enjoy my vacation ;-)

