WAN1 -> Comp1 | WAN2 -> Comp2 (Regardless of traffic type) [SOLVED]



  • Pretty much want one computer (IP 192.168.0.2) using WAN2 for all traffic and a second computer (IP 192.168.0.3) sending all traffic out WAN1.

    How would I go about setting this up?



  • What do you think? You should know the answer :) http://forum.pfsense.org/index.php/topic,39018.msg204041.html
    Upgrade to the latest 2.0 snapshot and reset states after you have applied your firewall rules.
    You can use the command line tool traceroute (tracert) from your hosts to verify the gateway they use.
    Provide screen shots of your rules and gateways if it doesn't work.



  • Yea I thought so too…



  • Okay, the screenshot shows that you tried to get the /24 --> 192.168.0.0 - 192.168.0.254 to go out from one gateway, and you said you want one particular IP address to work like that, so the notation is 192.168.0.3/32
    Reset the states after this modification. (Diagnostics: States: Reset States)

    What is the problem? What kind of traffic do you want to send out? Right now you send only TCP traffic out via that gw.



  • Story time:

    WAN1 = ISP(1)
    WAN2 = ISP(2)
    Server = 192.168.0.30
    Linux VMbox = 192.168.0.40

    I have ISP(1) and ISP(2). ISP(1) is my current main connection, and ISP(2) is an unlimited connection.

    ISP(2) has horrible traffic shaping in place for P2P traffic. The plan is to have the authentication and handshake happen on ISP(1) so it seems to ISP(2) that it is local/national traffic. It is the handshake that ISP(2) messes with to limit speed.

    So on my server I have a Linux VMware install. The idea is that, using an SSH tunnel, I send the handshake/authentication out to the Linux box (ISP(1)), which then returns and downloads over ISP(2).

    But for this to work, I need to get the Linux VMware using connection ISP(1) and the actual server which is downloading using ISP(2).

    This concept works amazingly well and it's how I had it all set up, but ISP(2) was a server in a data centre I was using, and I am cutting costs and trying to do it on my two home lines.



  • How can you tell the client to "send traffic at address x and wait for a response from address y"?!?

    Or is there something else that I don't understand?



  • You don't need to, uTorrent has the option to resolve host name over proxy.



  • This is a long shot: manual outbound NAT:
    192.168.0.40/32 as source
    destination to any
    Translation your wanted gateway

    But I've only used this for multiple public IP addressing, so I'm not sure how this would work.

    Usually it could be done by LAN rules where you can determine the gateway.
    In the rules there are also advanced settings for L7; if you have proper rules for L7 traffic (P2P) you could then say
    whatever machine is sending P2P traffic out uses the specified gateway



  • Thanks will give it a shot tonight,

    I can't seem to get the logic in my head right about the correct way to do this which really doesn't help.

    The Linux VM just needs to have a different public IP to the server, I think is the best way to describe it. The server and the VM are not used for anything else so matching traffic types shouldn't be a problem if I just set it to any yea?



  • @Metu69salemi:

    Translation your wanted gateway

    Under Translation I only have the option for Interface address and other subnet?

    Edit: I have just found virtual IPs…
    I assume I still want it on the same subnet? i.e. giving the WAN adapter an IP of 192.168.0.100 will be okay?

    Edit #2: So obviously I would have to set NAT rules to manual, but I have no clue how I would go about remapping everything manually



  • Can you please make a drawing of your environment and make notations of what you want to achieve?



  • It should be a pretty simple concept.

    I need the blue computer sending out information, but it cannot be using the same WAN/Gateway as the red computer.



  • Hi!

    I have almost the same scenario here, mine is simple.

    WAN 1 -> LAN

    WAN 2 -> Captive portal

    No LOAD sharing, probably I will put lusca (LAN, Wireless-CP) if it's possible.

    I just want to separate the WANs in order for it to be dedicated (LAN, Wireless-CP).

    Hoping someone can help me, badly needed.



  • @ihuntian, make your own topic
    @peavers: try this rule: * 192.168.0.40 * * * WAN2 <-- simplest possible rule to say linux virtual machine sends anything to blue gateway



  • Yup have already tried that, tried all sorts of possible combinations and variations of that rule before I created the thread…



  • @Metu69salemi:

    @ihuntian, make your own topic
    @peavers: try this rule: * 192.168.0.40 * * * WAN2 <-- simplest possible rule to say linux virtual machine sends anything to blue gateway

    Just tried this again and it worked!

    You good sir, if you are ever in New Zealand, send me a message and I will shout you a night on the town.

    +1 For this guy.



  • Maybe I'll travel around the globe someday, but not today. There is no way that personal budget can stand that kind of investment.
    Good that it was solved. Can you tag the first post's subject field with [solved] or similar?


Locked
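
Added example, not part of the original thread or of pfSense itself: a small model of top-down, first-match policy routing that compares the /24 TCP-only rule described in the thread with the working rule `* 192.168.0.40 * * * WAN2`. It goes one step beyond the thread by also showing a misordered rule set; the catch-all rule and the gateway label "default" are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp", "udp", "icmp" or "any"
    source: str   # source network in CIDR notation
    gateway: str  # gateway label; "default" = follow the routing table

    def matches(self, proto: str, src_ip: str) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        return in_net and self.proto in ("any", proto)

def pick_gateway(rules, proto, src_ip):
    """Return the gateway of the first matching rule (None = no rule matched)."""
    for rule in rules:
        if rule.matches(proto, src_ip):
            return rule.gateway
    return None

# Constructed rule sets. CATCH_ALL is an assumption standing in for the usual
# "allow LAN to any" rule; it is not shown in the thread.
CATCH_ALL = Rule("any", "192.168.0.0/24", "default")
# What the screenshot was described as doing: whole /24, TCP only.
ATTEMPTED = [Rule("tcp", "192.168.0.0/24", "WAN2"), CATCH_ALL]
# The rule that solved the thread: * 192.168.0.40 * * * WAN2
WORKING = [Rule("any", "192.168.0.40/32", "WAN2"), CATCH_ALL]
# Same host rule placed below the catch-all: it is never reached.
MISORDERED = [CATCH_ALL, Rule("any", "192.168.0.40/32", "WAN2")]

# Constructed sample flows: (protocol, source IP) for the VM and the server.
FLOWS = [("tcp", "192.168.0.40"), ("udp", "192.168.0.40"), ("tcp", "192.168.0.30")]

def evaluate(rules):
    """Map every sample flow to the gateway the rule set selects for it."""
    return {flow: pick_gateway(rules, *flow) for flow in FLOWS}

if __name__ == "__main__":
    for name, rules in [("attempted", ATTEMPTED), ("working", WORKING),
                        ("misordered", MISORDERED)]:
        print(name)
        for (proto, src), gw in evaluate(rules).items():
            print(f"  {proto:4} from {src:13} -> {gw}")
```

States created under an earlier rule set keep their old gateway until they are reset, which is why the thread repeats the Reset States step after each rule change.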