Netgate Discussion Forum

    2 WAN Load Balance - 1 Download 1 Upload

    Routing and Multi WAN
      nitronewf

      Hello,

      I have 2 WAN connections which I want to use pfSense to load balance, but I want to set it up so that one WAN is used for inbound traffic and the other is for outbound. The reason is that one of our connections has a higher download, but low upload and no monthly bandwidth cap, while the other connection has a high upload and a bandwidth cap.

      I've been reading over the load balancing documentation and have configured the load balancing rules with only the one gateway instead of round robin. Its status is showing online, and when I test the connection it is saying it is the correct IP for my upload, but when I look at the WAN traffic only that WAN is doing anything, both up and down, when I want it to only be doing up and the other WAN down. I have a firewall rule to send the LAN traffic out WAN2.

      Is what I am trying to do possible? Can I set up load balancing this way and have one connection for each role?

      Thanks in advance.

        Nachtfalke

        I am not sure if this is possible with pfSense, but I am sure that this will be a problem for protocols that do not allow load balancing, like HTTP/SSL.

        Just an example:

        You request a website like www.google.com and you send this request over WAN1 with IP 10.11.12.13 (Upload). How should it be possible for the google.com webserver to know that it should answer you on your WAN2 with a different IP like 20.21.22.23 (Download)?

        I am really unsure if this could work.

          icpsco

          This is just a guess, but what if you outbound NATed the requests from one interface (upload iface) to be the IP of the download iface?

          So if you sent a request to a server from upload iface, it would have the IP of the download iface, and the server would send a request back to the download iface?

          :)

            jimp Rebel Alliance Developer Netgate

            Many ISPs would block outgoing traffic if the IP is spoofed in that way.

            There is no way to really tell an "upload" from a "download" if the traffic is all HTTP, FTP, SCP, etc in both directions, but if your uploads vary by protocol, you could just craft some policy-based routing rules to direct out certain WANs based on the port number.

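The three points made in the thread (replies follow the source address, a source address from the other WAN is likely to be filtered upstream, and per-port policy routing is the workable split) can be modelled in a few lines. This is an added example, not part of any post and not pfSense code; the IPs are the ones used as examples in the thread, while the ISP prefixes, the port set and the assumption that the ISP validates source addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Wan:
    name: str
    address: str     # public address on this link (example IPs from the thread)
    isp_prefix: str  # sources the ISP accepts on this link (constructed value)


WAN1 = Wan("WAN1", "10.11.12.13", "10.11.12.0/24")  # "upload" link
WAN2 = Wan("WAN2", "20.21.22.23", "20.21.22.0/24")  # "download" link

# Hypothetical policy: protocols that are mostly upload leave via WAN1.
UPLOAD_PORTS = {22, 25}  # SCP/SFTP, SMTP


def pick_wan(dst_port: int) -> Wan:
    """Policy-based routing: choose the egress WAN from the destination port."""
    return WAN1 if dst_port in UPLOAD_PORTS else WAN2


def isp_accepts(wan: Wan, src_ip: str) -> bool:
    """Source-address validation (assumed ISP behaviour): own prefix only."""
    return ip_address(src_ip) in ip_network(wan.isp_prefix)


def send(dst_port: int, nat_to: Optional[Wan] = None) -> dict:
    """Send one connection; nat_to overrides the outbound NAT address."""
    egress = pick_wan(dst_port)
    src = (nat_to or egress).address
    if not isp_accepts(egress, src):
        # Filtered upstream: the server never sees it, so no reply on any link.
        return {"egress": egress.name, "src": src, "reply_via": None}
    # The server answers the source address, so the reply arrives on the
    # link that owns that address.
    reply = WAN1 if src == WAN1.address else WAN2
    return {"egress": egress.name, "src": src, "reply_via": reply.name}


if __name__ == "__main__":
    print(send(22))               # SCP: out WAN1, reply on WAN1
    print(send(443))              # HTTPS: out WAN2, reply on WAN2
    print(send(22, nat_to=WAN2))  # WAN2 source on WAN1: dropped upstream
```

Each connection stays on one link in both directions; only the choice of link per port is under the firewall's control.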