Dual WAN & Dual LAN with 3 ports



  • I have 2 internet connections (10mbit and 1mbit) currently connected to my pfsense box.

    I need 2 internal zones. LAN and DMZ, but I only have one available port on the pfsense box.

    I need 1 WAN IP pointing to my small business server hosting remote web workplace and email in the LAN.
    I need 1 WAN IP pointing to my web server in the DMZ.

    I would prefer both LAN & DMZ to use the faster 10mbit connection's gateway, except for the small business server, which will use the 1mbit gateway.

    My pfsense box has 3 ethernet ports. I have both WANs plugged into the pfsense box, leaving one port for my internal network.

    In order to add a DMZ with my current setup I would need to use VLANs, but I have read that is not very secure because the LAN and DMZ would both be connected to the same managed switch.

    Can I use the managed switch & VLANs to combine the two WANs before reaching pfsense and still retain the ability to use the 3 static WAN IP addresses?

    I have an additional 3 ethernet port pfsense box in storage. Could I connect 2 physical WANs to the first pfsense box and one LAN connection to the second pfsense box, and then use the 2nd pfsense box's remaining two ports for LAN & DMZ?

    My available hardware
    1x managed switch gs105e (5-ports)
    2x pfsense boxes (3 ports each)
    1x Cisco Pix 501 (most basic model, only allows 1 subnet)

    Any tips would be greatly appreciated.



  • @philpot:

    I have an additional 3 ethernet port pfsense box in storage. Could I connect 2 physical WANs to the first pfsense box and one LAN connection to the second pfsense box, and then use the 2nd pfsense box's remaining two ports for LAN & DMZ?

    Yes you could, that would be best.
    If you use a switch to combine the 2 WANs using VLANs, then you'd be exposing yourself to the same risks as a VLAN from behind pfSense (afaik, then again I'm not top notch).



  • How would I go about assigning the external static WAN IP through 2 pfsense boxes?



  • I think this document:
    http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x

    Is kind of in the right direction for what I need. I just need to comprehend it. I'm on 2.0 as well, hopefully they are close to the same.


  • Rebel Alliance Developer Netgate

    There is a guide specific to 2.0 on the wiki.

    http://doc.pfsense.org/index.php/Multi-WAN_2.0



  • I'm still a bit confused. I took the network example from the 1.2 docs and adjusted it a bit.

    The red box is my small business server, it does smtp, remote web workplace and outlook web access.

    The blue box is what I would like to use connection #1, which is the faster connection.

    I think I can figure out that much between the 1.2 and 2.0 docs. My question is, what goes in the green circle? Just a regular unmanaged switch and then I add another firewall before the dmz zone?

    The second image is what I was thinking originally. Would this setup work?

    I'm not even worried about failover or load balancing right now, I just need to get this DMZ sorted.




