Q: 2 WAN with same gateway not possible?

FreddyAV

This is my fourth post on the forum so it is probably time to say that I really do appreciate all the fine work which has gone into make pfSense this great!

Onto my question:

<semi related="" rambling="">I have a multi-interface mini-itx box which I am trying to set up with 2 WANs (and the redirect everything on one external IP to 1 IP on the LAN, but thats an other story). Thing is that I only have one ISP/internet connection. My internet connection assigns me external IPs by DHCP (thus both WANs are DHCP) but I always get the same gateway for both WAN ports and it seems I can't get trafic to go through one of the WANs in this setup. Looking at the routing table there is only one route to the gateway and it is associated to one specific WAN interface at a time it seems. I tried adding a new route to the internet via the same gateway for the other WAN but I have had no success in my endeavors. Staying up all night and trying to get this to work is affecting my ability to perform my day-time job ;) so I must ask:</semi>

Is a setup with 2 WANs using the same gateway not supported in pfSense 2.0?
Will it ever be? When?
Am I correct in that this is a routing issue or am I looking in the wrong place?

If it is supported, what material can I read on this subject?

TIA!
Cheers!
FreddyAV

Metu69salemi

@FreddyAV:

Is a setup with 2 WANs using the same gateway not supported in pfSense 2.0?
Will it ever be? When?
Am I correct in that this is a routing issue or am I looking in the wrong place?

Little search box would also help with this ;)
But to answer. no it's not supported, if you have same gateway on both wan links, then you should nat the other connection. I think it would be never supported in 2.0.

FreddyAV

Thanks for your reply!

Yeah, search seems easy enough some times but to be honest it took me three full nights  :-[ (minus some time to fiddle with my pfSense install) to find this old post: [url=http://forum.pfsense.org/index.php/topic,10069.0.html]http://forum.pfsense.org/index.php/topic,10069.0.html which explicitly spells out that it is currently not possible to have two WANs with same gateway.

From that topic (and some others), I understand the problem to be:
a) routing related
b) dependent on pf and FreeBSD not using IF or mac address of IF to decide "way out", instead it uses IP???

From the link above it seems that this would be a quite major undertaking with either kernel changes or very "hackish" and ugly ways of fixing it, but…

these 2 links:
http://forums.freebsd.org/showthread.php?t=8032
and
http://www.daemonforums.org/showthread.php?t=4610
seem to me to suggest that there are already ways of doing this in pf / FreeBSD (even from version 7.1 or something). Did I understand everything correctly or not?

Cheers!

jimp

Both of those links are for multiple gateways that are different (which we already support)

It is possible with PPPoE in 2.0.1.

On other types of interfaces, having the same gateway IP/MAC on multiple interfaces will not work as-is, but there are some ideas in the works to try. FreeBSD's support for ECMP is promising, but making that work with pf may be a bit of a challenge, if it's even possible.

hyrol

PFSense 2.0.1
I have problems in multi-wan (PPPoE) gateway same, only one WAN (Online) other WAN (gathering data).

Example
WAN1 –--- IP : 175.215.12.122
                  Gateway : 175.211.14.276
                  (gathering data)

WAN2 ----- IP : 176.215.14.133
                  Gateway : 175.211.14.276
                  (gathering data)

WAN3 ----- IP : 176.215.13.132
                  Gateway : 175.211.14.276
                  (online)

only WAN3 working.

Floh

Hi, I have same problem. pfSense only use WAN1 because WAN2 has same Gateway.

Solution is said: Use NAT on other Gateway, but… not nice.

Is it possible to create a virtual NIC on pfSense? If so, I could use this as NAT.

LAN -> WAN2 -> NAT with virtual NIC -> Gateway of ISP (same GW for WAN1)

Idea?

jimp

No because you'd have the same issue, there would still be two NICs with the same gateway on the firewall, you'd just be adding an additional layer of complexity without gaining anything, plus you'd still be in the same situation with doing NAT before the additional WAN.

Floh

So that means a NAT-Router between WAN2 and Cablemodem is the only solution.

Do someone know the ticket for this issue? Maybe any Information when this will be done?

Thank you!

jimp

It's a limitation of the OS, and it's possible it may never be properly solved for these cases. We have looked at things like ECMP but there are issues with almost every method.

Search around the forum, it's been discussed dozens if not hundreds of times over the years.