Dual WAN setup… Comcast Cable + ATT DSL help!



  • Hey All,

    Ok, I just got my ATT DSL configured today. All is well. Now I want to add this to my
    pfSense Router/Firewall. I have read many how-tos but none seem to fit my needs/setup.

    Any advice on this?

    Cable Modem: Comcast no logins required. Just connect to the Modem and DHCP IP done.
    DHCP not static

    ATT DSL: DSL Modem has all of the PPPoE settings already. DHCP not static.

    I would like to do load balancing if possible. I have read some issues concerning Email
    and DNS. Could I just force those to just one WAN?

    I need to know how to set up the Load Balancer and possibly the Firewall rules necessary.

    Any ideas would be great.



  • http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing nearly exactly describes your setup and gives answers to your questions as well. Make sure to use a recent snapshot, as the GUI present in the 1.0.1 release is a bit different when it comes to pool creation. You can grab the latest snapshot at http://snapshots.pfsense.org/FreeBSD6/RELENG_1/



  • Sweet!

    So I am new to pfSense. How do I update it with the snapshot? Is there a specific command?



  • Go to System -> Firmware in the web GUI.



  • Around here, the ATT DSLs usually come with a crappy little Netopia 33xx. You don't want to do PPPoE on the pfSense box with load balancing right now, as this is currently broken in the snapshot releases. But double-NATting sucks. If you have a /29 block you can bridge the Netopia's WAN to LAN and put another public on pfSense's interface and add the remaining as Virtual IPs. If you only have the single public, you might want to run the 1.0.1 release and not a snapshot: the load balancer is not as nice and doesn't do failover, but it will work with a PPPoE WAN. In that case, turn the router into a bridge and have pfSense do the PPPoE login. Just some thoughts…



  • Thank you…

    Ok I am looking at the howto provided and it states to set the IP addresses for the Modem/Router.

    I have a DSL modem and a Cable modem, and I cannot change the IP address of either.

    So I am stuck on that step.

    I can see what each one is set to:

    1. Cable modem is set to 192.168.100.1
    2. DSL is set to 192.168.0.1

    However, on the pfSense box I cannot ping either one of these IP addresses.

    So now in the Load Balancer setup I am stuck.

    Any ideas?



  • @dotdash:

    Around here, the ATT DSLs usually come with a crappy little Netopia 33xx. You don't want to do PPPoE on the pfSense box with load balancing right now, as this is currently broken in the snapshot releases. But double-NATting sucks. If you have a /29 block you can bridge the Netopia's WAN to LAN and put another public on pfSense's interface and add the remaining as Virtual IPs. If you only have the single public, you might want to run the 1.0.1 release and not a snapshot: the load balancer is not as nice and doesn't do failover, but it will work with a PPPoE WAN. In that case, turn the router into a bridge and have pfSense do the PPPoE login. Just some thoughts…

    I have 2 Public… Only one is PPPoE {ATT DSL} the other is DHCP Comcast. I get a Public IP from it.
    It does seem the ATT DSL gives me a Private IP Address.

    I am still a bit confused about how to set up Load Balancers and the Firewall rules.

    I get a gateway of 192.168.0.1 on the ATT modem, but the IP is 192.168.1.64. If I ssh to the pfSense
    box I cannot ping the gateway {192.168.0.1}.

    On the Cable modem side I can see the Public IP address and its gateway.

    Please advise.



  • If you want to have any incoming services through the DSL (like remote access to a machine on your internal network, etc.), my suggestion would be to run the 1.0.1 release (not a snapshot). That way you could connect the DSL to WAN, run PPPoE directly (with your username@ameritech.net and password), connect the Cable to OPT1, then create a LB pool with WAN and OPT1. To run PPPoE on the pfSense box you will need to change the Ameritech router to a bridge. This varies by router; Netopia usually has howto docs on their site for this. If you don't need any incoming services, you could just use the private IP the DSL router gives you and uncheck the 'block private networks' box on the interface. In that case, use a snapshot, 'cause the load balancer creation is much nicer in the snapshots.



  • Ok, I have the ATT DSL set on WAN and it is configured to give a Public IP address.
    Comcast is OPT1.

    So both DSL and CABLE give me a Public IP address.

    I have pfSense set to do the PPPoE sign on.

    So I think only one NAT (pfSense) will take place now.

    Any advice?



  • @dotdash:

    If you want to have any incoming services through the DSL (like remote access to a machine on your internal network, etc.), my suggestion would be to run the 1.0.1 release (not a snapshot). That way you could connect the DSL to WAN, run PPPoE directly (with your username@ameritech.net and password), connect the Cable to OPT1, then create a LB pool with WAN and OPT1. To run PPPoE on the pfSense box you will need to change the Ameritech router to a bridge. This varies by router; Netopia usually has howto docs on their site for this. If you don't need any incoming services, you could just use the private IP the DSL router gives you and uncheck the 'block private networks' box on the interface. In that case, use a snapshot, 'cause the load balancer creation is much nicer in the snapshots.

    Thank you so much for your help on this.

    Ok I have set the DSL to bridge and all is well with it set as WAN. I am here now via it.

    I have a Web/Email/Chat/VoiceChat server that will need to be accessible from my
    private network.

    So now I set up the LB - I am not sure what to monitor - ISP gateway?



  • I originally did a traceroute through my DSL and was pinging one of the ATT core routers, but they turned off ICMP on me, so now I just monitor the gateway of the PPPoE connection. In my case the WAN is 10.20.30.174 and the gateway is 10.20.30.254. Probably the DSLAM. It's been working fine for me. The new LB code is much easier to figure out: you can just pick the interface from a drop-down and point it to 'WAN gateway' etc. BUT the new code chokes on the PPPoE connection due to the goofy subnet mask… You could probably just use the gateway the cable pulls too; I'm not that familiar with cable, though.

