MultiWAN with MultiLAN

  • Dear All,

    Please advise about how to manage the network with pfsense. My net work is

    WAN1=========                    ======== LAN1
                          ||                ||
                          ||===pfsense || =======LAN2
                          ||                ||
    WAN2=========                    =========WiFi (Captive Potal)
                                                ========Server FARM

    How can I implement the Load Balance and Fail over with this system.
    I use pfsense 2.0

    Sorry for my bad English Typing.
    Thank you in advance.

  • Put your hateways into groups (WAN1 + WAN2) and (LAN1+ LAN2) and then use these Groupse in your firewall rules.

    to create Groups:
    SYSTEM -> ROUTING -> Groups

    If "Tier" is equal on both gateways in a group there is load balancing and automatically failover if one line goes down.

  • Thank you very much Nachtfalke.
    So now I have to create only one group and put them as the same tier.
    And the firewall rules I have to create for each internal subnet to allow the packet to destination port
    eg. ftp http https pop3 smtp seperately right?

  • Not sure if I understand what you mean.

    Every rule you create needs a Gateway. Default is ( * ) which is the default gateway.
    If you want, that the traffic which applies to the rule uses you LoadBalancing/Failover "Group" than you have to enter this Group to the firewall rule.
    You have to decide this for every rule you create.

    I hope I could make this clear. If not, post a screenshot of your firewall rules and explain what you want them to do and then we could talk about them.

  • Dear Nachtfalke
    Now we have 2 WAN.
    Is it possible to assign LAN interface for rest everything?

    Thank you for stand by me.

  • Take a look at my screenshot.

    First is my Group with both of my WAN1 and WAN2

    Second is my Firewall rule on LAN interface.
    First rule is the pfsense defauklt Anti-Lockout rule
    The second rule is a rule for special DESTINATION ports with which I had problems with LoadBalancing or others say that the do not work in every scenario with LoadBalancing.
    Third rule is for LoadBalancing all traffic which DOES NOT match my second rule.

    Thir part of the picture is my Alias I created and name it "SIngleWANPorts" and thisAlias you see in DESTINATION  PORTS on rule two.

  • Dear Nachtfalke

    Thank you very much for your help. This is the helpful for my problem.

  • Dear Nachtfalke

    Now I tested with LAN interface and this is worked as well.
    I have a question is if I have LAN more than one interface (Physical) what I should define the rule to each interface.


  • Dear Nachtfalke

    This is my Network Structure which I using.

  • Hi,

    whats your question ?
    If it is, that LoadBalancing/MultiWAN is NOT working for you with squid than you have to read this:,37083.0.html

  • Dear Nachtfalke

    I will try your idea but can you please tell me for how to block bittorrent if I use your pattern.

    Thank you

  • @keetawat:

    Dear Nachtfalke

    I will try your idea but can you please tell me for how to block bittorrent if I use your pattern.

    Thank you

    I am sorry, I can't. You have to search the forum for layer 7 filtering and/or traffic shaper.
    But I think it would be better placed in another thread. Here it is not related to the topic.
    But before starting an new post, give the search function a try - I know there are some thread related to bittorrent blocking.

  • Dear Nachtfalke

    Thank you very much for your help from began.

Log in to reply