• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[Solved] multiple wan and multiple lan, i want each lan to use different wan

Scheduled Pinned Locked Moved Routing and Multi WAN
16 Posts 4 Posters 7.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    lolinternet
    last edited by Dec 26, 2011, 11:43 PM Dec 10, 2011, 2:57 PM

    See the solution here

    Hello Forum

    I browsed around for a couple of days trying to gather all the information, but I still can't get it to work, assistance is greatly appreciated.

    I am having trouble getting LAN2 to route through WAN2.
    LAN2 is able to ping the IPs on WAN2: 192.168.30.1 and 192.168.30.128, and that is as far as it goes. I know for sure that there is internet access to on the WAN2 subnet.

    Here is what I am trying to do, I want each LAN connection to use their own WAN. I am not doing failovers here. I just want each lan network interface to  have their own routes.

    And here are the live settings:






    Please let me know how I can get this to work or if you need more information.

    Thank you.

    1 Reply Last reply Reply Quote 0
    • P
      podilarius
      last edited by Dec 10, 2011, 3:52 PM

      Well you are almost there.I would use advanced outbound NAT and have at least 2 entries.

      10.0.0.1/24 - WAN1
      10.0.1.1/24 - WAN2

      Then your firewall default allow rule for LAN uses gateway WAN and LAN2 default rule uses WAN2 as its gateway.

      1 Reply Last reply Reply Quote 0
      • L
        lolinternet
        last edited by Dec 11, 2011, 1:58 AM Dec 11, 2011, 1:22 AM

        Hi podilarius, I tried what you said….still not having much luck

        The routing table is hard to read with all those different link # aliases

        1 Reply Last reply Reply Quote 0
        • P
          podilarius
          last edited by Dec 11, 2011, 4:19 AM

          don't forget to set the gateway option in each of your firewall rules (for LAN and LAN2).

          1 Reply Last reply Reply Quote 0
          • L
            lolinternet
            last edited by Dec 11, 2011, 3:49 PM Dec 11, 2011, 3:45 PM

            Hello podilarius, thanks for the input.

            I did as you said, created firewall rules with a gateway entry….still not much luck.

            This machine is connected to LAN2, even before adding those firewall rules, the results were the same. I can ping the gateway, I can get an external ip from local DNS, but I cannot reach out to the internet, its like the route never gets created

            lolinternet@ubuntu:~$ ifconfig
            eth0      Link encap:Ethernet  HWaddr 00:0c:29:d4:76:e6  
                     inet addr:10.0.1.3  Bcast:10.0.1.255  Mask:255.255.255.0
                     inet6 addr: fe80::20c:29ff:fed4:76e6/64 Scope:Link
                     UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                     RX packets:67 errors:0 dropped:0 overruns:0 frame:0
                     TX packets:392 errors:0 dropped:0 overruns:0 carrier:0
                     collisions:0 txqueuelen:1000
                     RX bytes:7118 (7.1 KB)  TX bytes:39336 (39.3 KB)
                     Interrupt:19 Base address:0x2000

            lo        Link encap:Local Loopback  
                     inet addr:127.0.0.1  Mask:255.0.0.0
                     inet6 addr: ::1/128 Scope:Host
                     UP LOOPBACK RUNNING  MTU:16436  Metric:1
                     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                     collisions:0 txqueuelen:0
                     RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

            lolinternet@ubuntu:~$ route
            Kernel IP routing table
            Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
            default         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
            10.0.1.0        *               255.255.255.0   U     1      0        0 eth0
            link-local      *               255.255.0.0     U     1000   0        0 eth0
            lolinternet@ubuntu:~$ ping 192.168.30.1
            PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
            64 bytes from 192.168.30.1: icmp_req=1 ttl=127 time=0.580 ms
            64 bytes from 192.168.30.1: icmp_req=2 ttl=127 time=0.452 ms
            64 bytes from 192.168.30.1: icmp_req=3 ttl=127 time=0.399 ms
            ^V64 bytes from 192.168.30.1: icmp_req=4 ttl=127 time=0.366 ms
            ^C^
            –- 192.168.30.1 ping statistics ---
            4 packets transmitted, 4 received, 0% packet loss, time 3000ms
            rtt min/avg/max/mdev = 0.366/0.449/0.580/0.082 ms
            lolinternet@ubuntu:~$ ping google.ca
            PING google.ca (74.125.226.19) 56(84) bytes of data.
            ^C
            --- google.ca ping statistics ---
            8 packets transmitted, 0 received, 100% packet loss, time 7000ms

            lolinternet@ubuntu:~$

            Here are the configs for WAN2 and LAN2

            WAN2:

            LAN2:

            Routing table:I read some freeBSD docs that basically said that the Link# refers to the ethernet port #, but I still can't figure out how to read the routing table to describe how to read a route. In the routing table the Netif always matches the Link #, sometimes the link # will have a localhost lo0 Netif…..........

            1 Reply Last reply Reply Quote 0
            • P
              ptt Rebel Alliance
              last edited by Dec 11, 2011, 8:37 PM

              1º In "Gateways" remove LAN2GW

              2º In  Firewall Rules remove the WAN2 Rule

              3º Modify the LAN Rule "Default allow LAN to any rule" and set the GW that you want to use for LAN

              Now you must be able to browse the net

              1 Reply Last reply Reply Quote 0
              • L
                lolinternet
                last edited by Dec 11, 2011, 11:48 PM Dec 11, 2011, 11:43 PM

                @ptt:

                1º In "Gateways" remove LAN2GW

                2º In  Firewall Rules remove the WAN2 Rule

                3º Modify the LAN Rule "Default allow LAN to any rule" and set the GW that you want to use for LAN

                Now you must be able to browse the net

                1º

                2º

                3º

                results are still not successful

                lolinternet@ubuntu:~$ ifconfig
                eth0      Link encap:Ethernet  HWaddr 00:0c:29:d4:76:e6  
                         inet addr:10.0.1.3  Bcast:10.0.1.255  Mask:255.255.255.0
                         inet6 addr: fe80::20c:29ff:fed4:76e6/64 Scope:Link
                         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                         RX packets:30 errors:0 dropped:0 overruns:0 frame:0
                         TX packets:524 errors:0 dropped:0 overruns:0 carrier:0
                         collisions:0 txqueuelen:1000
                         RX bytes:3349 (3.3 KB)  TX bytes:54628 (54.6 KB)
                         Interrupt:19 Base address:0x2000

                lo        Link encap:Local Loopback  
                         inet addr:127.0.0.1  Mask:255.0.0.0
                         inet6 addr: ::1/128 Scope:Host
                         UP LOOPBACK RUNNING  MTU:16436  Metric:1
                         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                         collisions:0 txqueuelen:0
                         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

                lolinternet@ubuntu:~$ route
                Kernel IP routing table
                Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                default         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
                10.0.1.0        *               255.255.255.0   U     1      0        0 eth0
                link-local      *               255.255.0.0     U     1000   0        0 eth0
                lolinternet@ubuntu:~$ ping 192.168.30.1
                PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
                64 bytes from 192.168.30.1: icmp_req=1 ttl=127 time=0.629 ms
                64 bytes from 192.168.30.1: icmp_req=2 ttl=127 time=0.447 ms
                64 bytes from 192.168.30.1: icmp_req=3 ttl=127 time=0.386 ms
                64 bytes from 192.168.30.1: icmp_req=4 ttl=127 time=0.482 ms
                ^C
                –- 192.168.30.1 ping statistics ---
                4 packets transmitted, 4 received, 0% packet loss, time 3001ms
                rtt min/avg/max/mdev = 0.386/0.486/0.629/0.089 ms
                lolinternet@ubuntu:~$ ping google.ca
                PING google.ca (74.125.226.18) 56(84) bytes of data.
                ^C
                --- google.ca ping statistics ---
                6 packets transmitted, 0 received, 100% packet loss, time 5041ms

                lolinternet@ubuntu:~$

                1 Reply Last reply Reply Quote 0
                • P
                  ptt Rebel Alliance
                  last edited by Dec 12, 2011, 12:20 AM

                  Ping Form your pfSense WAN2  ( Diagnostics –> Ping )

                  Diag_Ping.PNG
                  Diag_Ping.PNG_thumb

                  1 Reply Last reply Reply Quote 0
                  • L
                    lolinternet
                    last edited by Dec 12, 2011, 4:55 AM

                    I get no reply when pinging from the WAN2 interface.

                    I know for sure that the network WAN2 is connected to is fine because when i plug any computer to it, i get an address from dhcp and it can get on the net.

                    I've configured WAN2 to configure itself by DHCP

                    1 Reply Last reply Reply Quote 0
                    • P
                      podilarius
                      last edited by Dec 12, 2011, 12:45 PM

                      Try hard setting all the WAN IP addresses.

                      1 Reply Last reply Reply Quote 0
                      • L
                        lolinternet
                        last edited by Dec 13, 2011, 12:37 AM

                        BIG THANK YOU TO PODILARIUS & PTT.

                        I got it to work on real hardware as opposed to VMs and it works.

                        I am going to write a little how to  maybe this can help people.

                        1 Reply Last reply Reply Quote 0
                        • A
                          arstacey
                          last edited by Dec 22, 2011, 8:38 PM

                          lolinternet - Have you written a how to on this yet?  I am doing a very similar thing.  I have ATT business DSL and Comcast internet.  I have 2 WAN  and 3 LAN's.  Lan 1 and 2 are running through WAN1 which is my ATT DSL service.  They are working fine.  I cannot get Lan 3 to route through Wan 2.  I can ping from Wan 2's interface fine.  I am obviously missing a step somewhere.  I have my outbound nat set up correctly, the gateway is added in my firewall rule for Lan 3, but i get no ping results if I ping from the Lan 3 address.

                          1 Reply Last reply Reply Quote 0
                          • L
                            lolinternet
                            last edited by Dec 26, 2011, 2:56 PM

                            Working on it…

                            1 Reply Last reply Reply Quote 0
                            • L
                              lolinternet
                              last edited by Dec 26, 2011, 3:46 PM Dec 26, 2011, 3:00 PM

                              DOCUMENTATION

                              This is a simple howto. The firewall is not at all locked down, this is to get things up and running.

                              To give you an idea, here is the dashboard. All my WAN interface reside in private address space.

                              1) NIC CONFIGURATION

                              Assign your ports:

                              Go to Interfaces->WAN
                              Notice that I unchecked "Block private networks" as my wan is connected to a private address subnet. I set the ip to static. Also because I am using a static IP, I had to set the gateway manually

                              Let's configure the second WAN interface, in my case WAN_BCE0

                              The LAN interfaces , note that I renamed my interface through the Description which is under General configuration. Static IP has been set so that DHCP server may run on this interface

                              2) DHCP SERVER Go to Services->DHCP server. DHCP server should be disabled on all WAN interfaces but must be enabled on LAN interfaces




                              **3) VERIFY ROUTING

                              Go to System->Routing only WAN interfaces should be there, if you see anything other than WAN interfaces in there, remove them. Most of the time this fills in correctly, if anything is missing add it in**.

                              **4) FIREWALL: Rules

                              Go to Firewall->Rules

                              The WAN is the default gateway, this is the default setting, no modification made**

                              **By default LAN_IGB0_BDOMAIN4 will be using WAN as its gateway, I didnt do any firewall configuration there

                              I did not need to enter any firewall rules for WAN_BCE0

                              However, for LAN_IGB1_BDOMAIN3 to get internet access through WAN_BCE0, firewall rules needed to be added and the Gateway was set

                              And the final product in the firewall rules summary:

                              1. TESTING
                                Plug a computer at each LAN nic port and do some traceroutes and pings, refer to beginning of thread to see troubleshooting tips.**

                              ![FireShot Screen Capture #001 - 'pfSense_sector001 - Status_ Dashboard' - 10_0_0_1.png](/public/imported_attachments/1/FireShot Screen Capture #001 - 'pfSense_sector001 - Status_ Dashboard' - 10_0_0_1.png)
                              ![FireShot Screen Capture #001 - 'pfSense_sector001 - Status_ Dashboard' - 10_0_0_1.png_thumb](/public/imported_attachments/1/FireShot Screen Capture #001 - 'pfSense_sector001 - Status_ Dashboard' - 10_0_0_1.png_thumb)

                              1 Reply Last reply Reply Quote 0
                              • P
                                podilarius
                                last edited by Dec 27, 2011, 5:37 PM

                                Nice,
                                Can you also post your outbound NAT rules if they are advanced?

                                1 Reply Last reply Reply Quote 0
                                • L
                                  lolinternet
                                  last edited by Dec 28, 2011, 4:23 AM

                                  No Firewall: NAT rules were created or generated

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                    [[user:consent.lead]]
                                    [[user:consent.not_received]]