Need an advice about bridging and dual wan

drift1

Hello people,

I have a dilemma and very very need your help. I am not an expert. I want to setup a maximum good performance network for my computers, web servers.
Today I have "Internet provider 1" which has Router pointing to my Switch/LAN. This environement should be reconfigured by setup like in one of examples below.
I need the recomendations of yours what to choose.

In next week I will have the second internet line "Internet provider 2". I can not move Pirelli Router - it must stay.
Necessary condition is that Pirelli will be bridged with PFBOX1 in such way
that it would be possible to set up firewall conditions and especialy port forwarding in PFBOX1.
Pirreli is managed by ISP. I need every time to ask him to do port forwarding. It is not convienent and
doing it by myself in PFBOX1 would be much easier. I think about two situations:

I EXAMPLE
Two internet lines and two PFsense boxs. CARP failover and load balancing are needed also.

Internet provider 1 –--Modem/Router Pirelli ------ PFsense(router/firewall)BOX1 -----
                                                                                  |
                                                                                Switch-------Web servers/Computers
                                                                                  |
Internet provider 2 ------------PFsense(router/firewall)BOX2------------------------

II EXAMPLE
If example 1 is not possible, can I implement setup with two internet lines and one PFsense box (wan loadbalancing, but no CARP)?

Internet provider 1 ----Modem/Router Pirelli --------------
                                                                |
                                                          PFsense(router/firewall)--------Switch-------Web servers/Computers
                                                            |
Internet provider 2 --------------------------------------

So what scenario would be possible in situation described above.
Thank you for your recomendations.

drift1

Could someone help me? :)

Cry Havok

Quite probably, but waiting 14 hours and then bumping your post won't buy you any favors - it just makes you look impatient.  Remember - people are giving up their free time to help you.

If you haven't already, do please read the documentation that's easily found from the main pfSense site.  It should help you understand the basics of how things like load balancing and failover work.

drift1

Sorry… I have read documentation and forum post, but can find any information about this. Maybe I missed something...

Cry Havok

Did you read this one?, or these?

I've never used it, but I'm pretty sure that load balancing will only work with a single gateway doing the load balancing, which means only your second example will provide that.

drift1

I missed this point about gateway condition… :(  My fault...

Anyway, looking in second exmaple, is it possible to bound Pirelli with PFbox in such way that I can manage all firewalls rules and port redirections from PFbox?

Cry Havok

No idea - I've never heard of a Pirelli router and as you've only provided a brand it's impossible for anybody to say.  If it has something usually called "bridge mode" then yes, otherwise you're probably out of luck.  Were you to provide the exact model, and ideally a link to a PDF copy of the manual, somebody may be able to say more.

drift1

The router is far away from me at the moment, but then I will find out the model I will announce it here. Looking at your answer if I understood properly, I need to look at Pirelli router capabilities for bridge mode. If it's meet this requirement I can connect it to PF and explore routing and firewall from PF. If Pirelli handles the bridge, what steps I need to do on PFsense box? I am using version 1.2.3. Looking at system > advanced i saw "Enable filtering bridge
This setting no longer exists as it is unnecessary. Filtering occurs on the member interfaces of the bridge and cannot be disabled." What does it mean?

Cry Havok

If the Pirelli supports bridge mode then you just have to ensure that the pfSense host is set for DHCP on the LAN interface.  Don't enable the filtering bridge in pfSense.

As for the "no longer exists" option - have you bridged interfaces?

drift1

My PF has two nicks, one LAN and one WAN which interfaces are not bridged.
Ok, I will set up DHCP on PF LAN interface. What should I enter for PF WAN interface - public IP address or LAN IP address of my Pirelli router?

Cry Havok

"That depends"

Does your ISP allocated their IP address by DHCP, even if they are static?  If so just set it to DHCP.  If not then enter the IP address, netmask and default gateway as they provided.

drift1

Thanks Cry for the explanations, it was very helpful to me. I think to put my hands on this stuff next week. Happy New Year!

Liath.WW

Another thought, not sure if this would help but I saw that you said that the ISP manages the pirelli box.  You could just tell them to open ALL ports and forward them, and have pfSense manage it from there.  That would essentially be akin to putting the pirelli in bridge mode, aside from really being in bridge mode.

It would be similar to some routers' "DMZ" mode.