How do I specify LAN IP to specific WAN and other port traffic to specific WAN?



  • Apologies up front; I'm new to pfSense and trying to learn the capabilities and how to explore them. I have read a lot in the forums, lots of information, but it may be a case of information overload in my case (or not looking in the right spot). I have not been able to find exactly what I'm looking for; my head is about to explode with all the information!

    I have two separate ISP connections. My plan is to set up dual WAN load balanced. I've found lots of good setup instructions for doing this; so, currently no questions on this.

    My questions are around how to properly set up a few things. I will provide a very simple and clear scenario (I hope) using familiar ports (80, 21) to illustrate what I'm trying to attempt.

    Single LAN; will set up IP to each computer on the LAN by MAC (hopefully pfSense can do this).

    WAN 1 and WAN 2

    LAN
    CPU A: 192.168.1.200
    CPU B: 192.168.1.201
    CPU C: 192.168.1.202
    CPU D: 192.168.1.203

    Setup Questions:

    • I would like to have all traffic from CPU A go to WAN 1 only.

    • I would like to have all traffic from CPU B go to WAN 2 only.

    • CPU C and D should be balanced between WAN 1 and WAN 2.

    I will have a few more CPUs set up to go to WAN 1 or WAN 2 specifically, as well as a few more CPUs balanced.

    However:

    • I would like all traffic on port 80 to go through WAN 1 (with the exception of CPU B; as noted above, CPU B should go to WAN 2 always)

    • I would like all traffic on port 21 to go through WAN 2 (with the exception of CPU A; as noted above, CPU A should go to WAN 1 always)

    Is this setup possible? If so, could someone show me a few screen-caps or instructions on how this could be set up?

    Thanks in advance for any help possible; very much appreciated.



  • You can do this:

    LoadBalancing:
    You set up a group with WAN1 and WAN2 both Tier 1. This is LoadBalancing.

    Static IP for LAN Clients:
    Add the MAC address of the client to the DHCP server static mapping. So the client will always get the same IP. Do this for your "CPUs"

    The rest will be done with simple firewall rules. Firewall rules will be processed from TOP to BOTTOM. First rule that matches will be used.
    This order will probably do what you like:

    First:
    source-ip/port: IP of CPU A
    destination-ip/port: any
    Gateway: WAN1

    Second:
    source-ip/port: IP of CPU B
    destination-ip/port: any
    Gateway: WAN2

    Third:
    source-ip/port: any
    destination-ip: any
    destination-port: 80
    Gateway: WAN1

    Fourth:
    source-ip/port: any
    destination-ip: any
    destination-port: 21
    Gateway: WAN2

    Fifth:
    source-ip/port and destination-ip/port: any
    Gateway: Your LoadBalance Group

    That's all!
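
The first-match ordering described in the answer above, as an added example that is not part of the original post and is not pfSense code. It models only source IP and destination port (protocol is ignored), the names `Rule`, `route` and `violations` are hypothetical, and the no-match result assumes traffic that matches no rule is not passed. It also shows what breaks when the port rules are placed above the per-host rules.

```python
from dataclasses import dataclass
from typing import Optional

# Addresses taken from the scenario in the question.
CPU_A, CPU_B, CPU_C = "192.168.1.200", "192.168.1.201", "192.168.1.202"

@dataclass(frozen=True)
class Rule:
    name: str
    gateway: str
    src: Optional[str] = None       # None means "any"
    dst_port: Optional[int] = None  # None means "any"

    def matches(self, src: str, dst_port: int) -> bool:
        return self.src in (None, src) and self.dst_port in (None, dst_port)

FIRST = Rule("first", "WAN1", src=CPU_A)
SECOND = Rule("second", "WAN2", src=CPU_B)
THIRD = Rule("third", "WAN1", dst_port=80)
FOURTH = Rule("fourth", "WAN2", dst_port=21)
FIFTH = Rule("fifth", "LoadBalance")

# Order given in the answer: per-host rules before per-port rules.
LAN_RULES = [FIRST, SECOND, THIRD, FOURTH, FIFTH]
# Constructed counter-example: per-port rules moved to the top.
MISORDERED = [THIRD, FOURTH, FIRST, SECOND, FIFTH]

def route(src, dst_port, rules=LAN_RULES):
    """Return (rule name, gateway) of the first rule that matches, top to bottom."""
    for rule in rules:
        if rule.matches(src, dst_port):
            return rule.name, rule.gateway
    return None, "blocked"  # assumption: no matching rule means not passed

# What the question asks for, as (source, destination port, wanted gateway).
EXPECTED = [
    (CPU_A, 21, "WAN1"), (CPU_A, 443, "WAN1"),
    (CPU_B, 80, "WAN2"), (CPU_B, 443, "WAN2"),
    (CPU_C, 80, "WAN1"), (CPU_C, 21, "WAN2"), (CPU_C, 443, "LoadBalance"),
]

def violations(rules):
    """List (src, port, wanted, got) for every expectation the rule order breaks."""
    results = [(s, p, want, route(s, p, rules)[1]) for s, p, want in EXPECTED]
    return [r for r in results if r[2] != r[3]]

if __name__ == "__main__":
    print("answer order:", violations(LAN_RULES))
    print("misordered:  ", violations(MISORDERED))
```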



  • Looks straightforward and simple. Thanks! I will be setting up this week and will give this a shot. Much appreciated for the quick response.



  • @Nachtfalke:

    You can do this:

    LoadBalancing:
    You set up a group with WAN1 and WAN2 both Tier 1. This is LoadBalancing.

    Static IP for LAN Clients:
    Add the MAC address of the client to the DHCP server static mapping. So the client will always get the same IP. Do this for your "CPUs"

    The rest will be done with simple firewall rules. Firewall rules will be processed from TOP to BOTTOM. First rule that matches will be used.
    This order will probably do what you like:

    First:
    source-ip/port: IP of CPU A
    destination-ip/port: any
    Gateway: WAN1

    Second:
    source-ip/port: IP of CPU B
    destination-ip/port: any
    Gateway: WAN2

    Third:
    source-ip/port: any
    destination-ip: any
    destination-port: 80
    Gateway: WAN1

    Fourth:
    source-ip/port: any
    destination-ip: any
    destination-port: 21
    Gateway: WAN2

    Fifth:
    source-ip/port and destination-ip/port: any
    Gateway: Your LoadBalance Group

    That's all!

    Where do I set up these rules?

    Which tab: Floating, WAN, LAN, or WAN2?


  • Rebel Alliance

    Those rules go on the LAN tab; for more info, check the docs  ;)

    http://doc.pfsense.org/index.php/Main_Page



  • @ptt:

    Those rules go on the LAN tab; for more info, check the docs  ;)

    http://doc.pfsense.org/index.php/Main_Page

    thanks..  ;)



  • Is this setup possible for redirecting my Yahoo Messenger to my WAN? I noticed it's taking a lot of bandwidth on my OPT1… My WAN is for browsing and my OPT1 is for my online games... Every time they use YM it becomes too laggy...

    Thanks in advance

    YM voice chat port = TCP 5000-5001 UDP 5000 - 5010
    YM message port = TCP 5050
    YM webcam port = TCP 5100

    FIREWALL=RULES=LAN

    interface =
    protocol =
    source =
    destination =
    gateway =

