Multi-Wan Multi-Gateway Multi-Local-Gateway



  • So, this may not be possible but here is what I want to do:

    I already have 2 Wan connections (Wan1 and Wan2) each on different gateways.
    Have 2x Local Gateways on the same Pfsense box (2.1): 192.168.0.1 and 192.168.0.2
    192.168.0.1 routes traffic through Wan1 only and is assigned by DHCP
    192.168.0.2 routes traffic through Wan2 only

    So, routing through Wan2 on your local PC is as easy as changing your gateway on that PC.  Possible?



  • If you want to forward an internal IP from the pfSense LAN to wan2, just create a firewall rule and set the gateway you want.



  • @marcelloc:

    If you want to forward an internal IP from the pfSense LAN to wan2, just create a firewall rule and set the gateway you want.

    Setting a firewall rule only seems to work for static IP addresses on your network, not for Virtual IP Aliases for your firewall (at least not that I can figure out).  I want people to be able to switch things on their own, not have to call me up every time they want to run through the second internet connection.



  • Switching a gateway that is after a gateway (pfSense) will not be that easy (or possible).

    A load balancer can balance automatically based on load or link response, but the client could not specify the gateway he wants.

    One workaround could be a proxy configured on this pfSense to forward traffic to wan1 and LAN rules on the LAN that forward traffic to wan2.
    If the user wants link1, enable the proxy in the browser. If not, just unselect the proxy and use the firewall rule to route to link2.



  • @marcelloc:

    Switching a gateway that is after a gateway (pfSense) will not be that easy (or possible).

    A load balancer can balance automatically based on load or link response, but the client could not specify the gateway he wants.

    One workaround could be a proxy configured on this pfSense to forward traffic to wan1 and LAN rules on the LAN that forward traffic to wan2.
    If the user wants link1, enable the proxy in the browser. If not, just unselect the proxy and use the firewall rule to route to link2.

    So, what you are saying is that there is no way to route a virtual IP for the firewall to a specific gateway? (Such as Wan2 instead of Wan1)

    Yeah, I considered the Proxy solution… it could work but wasn't what I was looking for.



  • Not possible because the firewall has no concept of what IP the client is routing to, it's impossible to tell. It's not routing to an IP, it's routing to a MAC address, which is the same either way. Even if it weren't, there isn't a way to differentiate by destination MAC. If you're making people go to the trouble of changing their gateway IP, might as well make them change their system's IP instead, have one that goes out one WAN and one out another.
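
The point of the last reply, as an added example that is not part of the thread: a client's frame carries the gateway's MAC, never the gateway's IP, so frames sent via 192.168.0.1 and 192.168.0.2 are identical when both addresses sit on the same NIC, while a different source IP is something the firewall can match. The MACs, client IPs, destination and policy table are constructed assumptions, and both LAN addresses are assumed to be IP aliases sharing one interface MAC.

```python
import socket
import struct

# Constructed sample values (assumptions, not taken from the thread's network).
PFSENSE_LAN_MAC = bytes.fromhex("02005e000001")  # one NIC, one MAC
CLIENT_MAC = bytes.fromhex("02005e0000aa")
# Both LAN addresses are IP aliases on the same NIC, so ARP returns the same MAC.
ARP_TABLE = {"192.168.0.1": PFSENSE_LAN_MAC, "192.168.0.2": PFSENSE_LAN_MAC}
# Hypothetical source-based policy: the client changes its own IP, not its gateway.
POLICY = {"192.168.0.50": "WAN1", "192.168.0.150": "WAN2"}


def ipv4_checksum(header: bytes) -> int:
    """Ones' complement sum over the 20-byte header (checksum field zeroed)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_ip: str, dst_ip: str, gateway_ip: str) -> bytes:
    """Ethernet + IPv4 header a client emits for an off-subnet destination."""
    # The gateway IP is used only for the ARP lookup; it never enters the packet.
    dst_mac = ARP_TABLE[gateway_ip]
    ether = dst_mac + CLIENT_MAC + struct.pack("!H", 0x0800)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return ether + hdr


def pick_wan(frame: bytes, policy: dict) -> str:
    """What the firewall can match on: the source IP present in the packet."""
    src_ip = socket.inet_ntoa(frame[26:30])  # 14-byte Ethernet + offset 12
    return policy.get(src_ip, "WAN1")


if __name__ == "__main__":
    via_gw1 = build_frame("192.168.0.50", "203.0.113.10", "192.168.0.1")
    via_gw2 = build_frame("192.168.0.50", "203.0.113.10", "192.168.0.2")
    print("identical on the wire:", via_gw1 == via_gw2)
    other_ip = build_frame("192.168.0.150", "203.0.113.10", "192.168.0.1")
    print(pick_wan(via_gw1, POLICY), pick_wan(other_ip, POLICY))
```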

