All traffic except SMTP to WAN1
I will soon have a set-up with 2 very unequal WAN feeds. The main feed will be a 20Mb fibre, synchronous with no contention, the second is a standard ADSL line of about 6Mb.
The main link does not have access to a SMTP server so I would like to pass ALL traffic over the main link with just SMTP (and maybe RADIUS) going to the standard ADSL line.
I know that, following the instructions…..http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x, I can set a pool as 'Round Robin' balanced and set-up the SMTP protocol on the firewall settings to favour OPT1 (WAN2) which will keep the SMTP traffic on the ADSL line but this would also share the remaining traffic equally between the two WANs.
My question is if I set-up a firewall rule ( below this one in the list) to block ALL other traffic on OPT1 (WAN2) will this force ALL other traffic through WAN1 or is there another, better way of achieving my aim without resorting to adding rules for every individual protocol.
Having searched the site I can find lots of references to balancing feeds with different speeds, but nothing as specific as this, so any help or links would be appreciated.
podilarius last edited by
I think you are looking to use firewall rules with the gateway option set. Add these above the allow all rule and SMTP or what ever traffic you want will go out ADSL with the rest going out the main link.
Thank you for your quick reply and pointing me in the right direction it is very much appreciated. It was easier than I was expecting it to be. I have just 3 rules
Allow SMTP on WAN2
Block SMTP on WAN1
Default LAN -> any (default rule)
However, (pushing my luck here), it would be really good if in addition to the above I could also set it so that if the Main link, WAN1, fails then ALL traffic redirects through WAN2. I presume for this I will have to attach the firewall rules to a pool. Does anyone know if this is possible please.
You must create a "failover" group ( System –> Routing --> Groups )
in that group set your WAN2 Priority to "Tier 1" & WAN1 to "Tier 2" and your Trigger Level "Member Down"
now modify your "Allow SMTP" rule, in "Advanced Featrures" --> "Gateway" choose your "Failover Group" ( instead WAN1 or WAN2 or Default )
Thanks for replying. I'm currently running 1.2.3 and I believe I need to upgrade to 2.0 to get these features so I'm currently trying to do that then I'll be trying this.
You can do that on 1.2.3, just read again the guide ( about multiwan ) from your first post