2 WAN Load Balance - 1 Download 1 Upload



  • Hello,

    I have 2 WAN connections which I want to use pfSense to load balance, but I want to set it up so that one WAN is used for inbound traffic and the other is for outbound. The reason being is that one of our connections has a higher download, but low upload and no monthly bandwidth cap, while the other connection has a high upload and a bandwidth cap.

    I've been reading over the load balancing documentation and have configured the load balancing rules with only the one gateway instead of round robin. It's status is showing online but when I test the connection it is saying it is the correct IP for my upload, but when I look at the WAN traffic only that WAN is doing anything, both up and down, when I want it to only be doing up and the other WAN down. I have a firewall rule to send the LAN traffic out WAN2.

    Is what I am trying to do possible? Can I set up load balancing this way and have one connection for each role?

    Thanks in advance.



  • I am not sure, if this is possible with pfSense, bute I am sure, that this will be a problem for protocols do not allow load balancing link HTTP/SSL.

    Just an example:

    You request a website like www.google.com and you send this request over WAN1 with IP 10.11.12.13 (Upload). How should it be possible for the google.com webserver to know, that it should answer you on your WAN2 with a diffrent IP like 20.21.22.23 (Download) ?

    I am really unsure if this could work.



  • This is just a guess, but what if you outbound NATed the requests from one interface (upload iface) to be the IP of the download iface?

    So if you sent a request to a server from upload iface, it would have the IP of the download iface, and the server would send a request back to the download iface?

    :)


  • Rebel Alliance Developer Netgate

    Many ISPs would block outgoing traffic if the IP is spoofed in that way.

    There is no way to really tell an "upload" from a "download" if the traffic is all HTTP, FTP, SCP, etc in both directions, but if your uploads vary by protocol, you could just craft some policy-based routing rules to direct out certain WANs based on the port number.


Locked