[Solved] multiple wan and multiple lan, i want each lan to use different wan
-
Hello Forum
I browsed around for a couple of days trying to gather all the information, but I still can't get it to work, assistance is greatly appreciated.
I am having trouble getting LAN2 to route through WAN2.
LAN2 is able to ping the IPs on WAN2: 192.168.30.1 and 192.168.30.128, and that is as far as it goes. I know for sure that there is internet access on the WAN2 subnet. Here is what I am trying to do: I want each LAN connection to use its own WAN. I am not doing failover here. I just want each LAN network interface to have its own routes.
And here are the live settings:
Please let me know how I can get this to work or if you need more information.
Thank you.
-
Well, you are almost there. I would use advanced outbound NAT and have at least 2 entries.
10.0.0.1/24 - WAN1
10.0.1.1/24 - WAN2
Then your firewall default allow rule for LAN uses gateway WAN and the LAN2 default rule uses WAN2 as its gateway.
-
-
Don't forget to set the gateway option in each of your firewall rules (for LAN and LAN2).
-
Hello podilarius, thanks for the input.
I did as you said, created firewall rules with a gateway entry... still not much luck.
This machine is connected to LAN2. Even before adding those firewall rules, the results were the same. I can ping the gateway, I can get an external IP from local DNS, but I cannot reach out to the internet; it's like the route never gets created.
lolinternet@ubuntu:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:d4:76:e6
inet addr:10.0.1.3 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed4:76e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:67 errors:0 dropped:0 overruns:0 frame:0
TX packets:392 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7118 (7.1 KB) TX bytes:39336 (39.3 KB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lolinternet@ubuntu:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.1.1 0.0.0.0 UG 0 0 0 eth0
10.0.1.0 * 255.255.255.0 U 1 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
lolinternet@ubuntu:~$ ping 192.168.30.1
PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
64 bytes from 192.168.30.1: icmp_req=1 ttl=127 time=0.580 ms
64 bytes from 192.168.30.1: icmp_req=2 ttl=127 time=0.452 ms
64 bytes from 192.168.30.1: icmp_req=3 ttl=127 time=0.399 ms
^V64 bytes from 192.168.30.1: icmp_req=4 ttl=127 time=0.366 ms
^C^
--- 192.168.30.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.366/0.449/0.580/0.082 ms
lolinternet@ubuntu:~$ ping google.ca
PING google.ca (74.125.226.19) 56(84) bytes of data.
^C
--- google.ca ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7000ms
lolinternet@ubuntu:~$
Here are the configs for WAN2 and LAN2
Routing table: I read some FreeBSD docs that basically said that the Link# refers to the ethernet port #, but I still can't figure out how to read the routing table to describe how to read a route. In the routing table the Netif always matches the Link #; sometimes the link # will have a localhost lo0 Netif...
-
1º In "Gateways" remove LAN2GW
2º In Firewall Rules remove the WAN2 Rule
3º Modify the LAN Rule "Default allow LAN to any rule" and set the GW that you want to use for LAN
Now you must be able to browse the net
-
@ptt:
1º In "Gateways" remove LAN2GW
2º In Firewall Rules remove the WAN2 Rule
3º Modify the LAN Rule "Default allow LAN to any rule" and set the GW that you want to use for LAN
Now you must be able to browse the net
results are still not successful
lolinternet@ubuntu:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:d4:76:e6
inet addr:10.0.1.3 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed4:76e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30 errors:0 dropped:0 overruns:0 frame:0
TX packets:524 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3349 (3.3 KB) TX bytes:54628 (54.6 KB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lolinternet@ubuntu:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.1.1 0.0.0.0 UG 0 0 0 eth0
10.0.1.0 * 255.255.255.0 U 1 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
lolinternet@ubuntu:~$ ping 192.168.30.1
PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
64 bytes from 192.168.30.1: icmp_req=1 ttl=127 time=0.629 ms
64 bytes from 192.168.30.1: icmp_req=2 ttl=127 time=0.447 ms
64 bytes from 192.168.30.1: icmp_req=3 ttl=127 time=0.386 ms
64 bytes from 192.168.30.1: icmp_req=4 ttl=127 time=0.482 ms
^C
--- 192.168.30.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.386/0.486/0.629/0.089 ms
lolinternet@ubuntu:~$ ping google.ca
PING google.ca (74.125.226.18) 56(84) bytes of data.
^C
--- google.ca ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5041ms
lolinternet@ubuntu:~$
-
-
I get no reply when pinging from the WAN2 interface.
I know for sure that the network WAN2 is connected to is fine, because when I plug any computer into it, I get an address from DHCP and it can get on the net.
I've configured WAN2 to configure itself by DHCP.
-
Try hard setting all the WAN IP addresses.
-
BIG THANK YOU TO PODILARIUS & PTT.
I got it to work on real hardware as opposed to VMs and it works.
I am going to write a little how to maybe this can help people.
-
lolinternet - Have you written a how-to on this yet? I am doing a very similar thing. I have ATT business DSL and Comcast internet. I have 2 WANs and 3 LANs. LAN 1 and 2 are running through WAN1, which is my ATT DSL service. They are working fine. I cannot get LAN 3 to route through WAN 2. I can ping from WAN 2's interface fine. I am obviously missing a step somewhere. I have my outbound NAT set up correctly, the gateway is added in my firewall rule for LAN 3, but I get no ping results if I ping from the LAN 3 address.
-
Working on it…
-
DOCUMENTATION
This is a simple howto. The firewall is not at all locked down, this is to get things up and running.
To give you an idea, here is the dashboard. All my WAN interfaces reside in private address space.
1) NIC CONFIGURATION
Go to Interfaces->WAN
Notice that I unchecked "Block private networks" as my WAN is connected to a private address subnet. I set the IP to static. Also, because I am using a static IP, I had to set the gateway manually.
Let's configure the second WAN interface, in my case WAN_BCE0.
The LAN interfaces: note that I renamed my interface through the Description, which is under General configuration. A static IP has been set so that the DHCP server may run on this interface.
2) DHCP SERVER
Go to Services->DHCP server. The DHCP server should be disabled on all WAN interfaces but must be enabled on LAN interfaces.
3) VERIFY ROUTING
Go to System->Routing. Only WAN interfaces should be there; if you see anything other than WAN interfaces in there, remove them. Most of the time this fills in correctly; if anything is missing, add it in.
4) FIREWALL: Rules
Go to Firewall->Rules
The WAN is the default gateway; this is the default setting, no modification made.
By default LAN_IGB0_BDOMAIN4 will be using WAN as its gateway; I didn't do any firewall configuration there.
I did not need to enter any firewall rules for WAN_BCE0.
However, for LAN_IGB1_BDOMAIN3 to get internet access through WAN_BCE0, firewall rules needed to be added and the Gateway was set.
And the final product in the firewall rules summary:
5) TESTING
Plug a computer into each LAN NIC port and do some traceroutes and pings; refer to the beginning of the thread for troubleshooting tips.
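For reference, here is what the two pieces of this setup (podilarius's per-WAN outbound NAT entries and the per-LAN rule with its gateway set) come out as in pf.conf syntax, which is what pfSense generates from those GUI pages. This is an added illustration, not a ruleset posted in the thread; the interface names, the LAN1 subnet and the WAN1 gateway address are assumed, and the WAN2 gateway 192.168.30.1 and LAN2 subnet 10.0.1.0/24 are taken from the thread.

```pf
# Assumed interface names (pfSense uses its own names, e.g. bce0/igb0/igb1)
wan1 = "em0"
wan2 = "em1"
lan1 = "em2"
lan2 = "em3"

# Gateways and subnets: wan2_gw and lan2_net are from the thread,
# wan1_gw and lan1_net are constructed for this example
wan1_gw  = "192.168.20.1"
wan2_gw  = "192.168.30.1"
lan1_net = "10.0.0.0/24"
lan2_net = "10.0.1.0/24"

# Outbound NAT, one entry per WAN ("advanced outbound NAT" in the GUI).
# Each LAN subnet is translated to the address of the WAN it must leave on;
# without the second entry, LAN2 packets leave WAN2 with a 10.0.1.x source
# and the replies never come back, which matches the symptom in the thread
# (the WAN2 gateway pings, the internet does not).
nat on $wan1 from $lan1_net to any -> ($wan1)
nat on $wan2 from $lan2_net to any -> ($wan2)

# Traffic between the two LANs must be passed BEFORE the policy-routing rule,
# otherwise route-to pushes it out the WAN as well.
pass in quick on $lan2 from $lan2_net to $lan1_net keep state
pass in quick on $lan1 from $lan1_net to $lan2_net keep state

# LAN1 follows the system default route (WAN1), so a plain pass rule is enough.
pass in quick on $lan1 from $lan1_net to any keep state

# LAN2 rule with "Gateway: WAN2" set: route-to forces every new connection
# entering LAN2 out WAN2 via the WAN2 gateway, ignoring the default route.
pass in quick on $lan2 route-to ($wan2 $wan2_gw) from $lan2_net to any keep state
```

On the firewall, `pfctl -sn` and `pfctl -sr` show the NAT and filter rules pfSense actually loaded, so you can confirm both the `nat on` entry for the second WAN and the `route-to` on the LAN2 rule are present before debugging from a client.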
-
Nice,
Can you also post your outbound NAT rules if they are advanced?
-
No Firewall: NAT rules were created or generated.