2 WAN AND 1 LAN WITHOUT BALANCING



  • Hi, I have 2 WAN (wan1, wan2) interfaces and one LAN interface. I need to divide the LAN into 2 groups,
    the first group to the wan1 and the second group to the wan2.

    like this:

    group 1
    ip: 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.104 to WAN1

    group 2
    ip: 192.168.1.111,192.168.1.112,192.168.1.113,192.168.1.114 to WAN2

    I need the rules or the steps to do it.
    My server has 3 interfaces: wan1, wan2, lan.

    I have tried everything and no results.

    Please help me.

    Thanks in advance.



  • Create aliases (Firewall –> Aliases) and create your groups of hosts.

    Then create a rule on the LAN tab with source (alias_X) and choose Gateway_X, create a second rule with source (Alias_Y) and choose Gateway_Y.
    Don't forget to remove/disable/override the default any-to-any rule ;)

    enjoy
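
The rules described in the reply above, written out as a hand-written pf.conf sketch (an added example, not part of the original thread and not the ruleset pfSense generates from the GUI). The interface names and gateway addresses are assumptions; the host addresses are the ones from the question.

```pf
# Assumed interface names and upstream gateways (placeholders, not from the thread)
lan_if  = "em0"
wan1_if = "em1"
wan2_if = "em2"
wan1_gw = "203.0.113.1"
wan2_gw = "198.51.100.1"
lan_net = "192.168.1.0/24"

# The two host groups from the question (the "aliases")
table <group1> const { 192.168.1.101, 192.168.1.102, 192.168.1.103, 192.168.1.104 }
table <group2> const { 192.168.1.111, 192.168.1.112, 192.168.1.113, 192.168.1.114 }

# Outbound NAT: each group leaves with the address of its own WAN
nat on $wan1_if inet from <group1> to any -> ($wan1_if)
nat on $wan2_if inet from <group2> to any -> ($wan2_if)

# Stands in for removing the default any-to-any LAN rule:
# hosts in neither group are not passed to any WAN
block in on $lan_if all

# Traffic addressed to the firewall itself (DNS, web GUI) is not policy-routed
pass in quick on $lan_if inet from $lan_net to ($lan_if) keep state

# Policy routing: "quick" makes the first matching rule final
pass in quick on $lan_if route-to ($wan1_if $wan1_gw) inet from <group1> to any keep state
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) inet from <group2> to any keep state
```

The `route-to` rules only match packets arriving on the LAN interface, so connections opened by the firewall itself, such as those of a proxy running on it, never pass through them.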



  • @heper:

    Create aliases (Firewall –> Aliases) and create your groups of hosts.

    Then create a rule on the LAN tab with source (alias_X) and choose Gateway_X, create a second rule with source (Alias_Y) and choose Gateway_Y.
    Don't forget to remove/disable/override the default any-to-any rule ;)

    enjoy

    Thanks, you are the best.



  • Sorry, I have another question…

    Can I use squid (non-transparent) to block/allow several sites with this configuration?

    I have the 2 groups and they work fine, but I need a proxy.
    If all machines pass through the proxy and then the WAN, is the division useless?

    example
    proxy = 192.168.2.1
    m1 = 192.168.2.20
    wan = 100.120.20.35
    wan2 = 100.200.15.32

                 /-> Wan1
    m1 -> Proxy -|
                 \-> Wan2
    is this correct?



  • Using a proxy would work to block certain sites (see squidguard).

    But as you noted: running everything through the proxy would render the firewall rules useless for dividing the traffic over the WANs (for http/https traffic at least; other protocols would still work).



  • @heper:

    Using a proxy would work to block certain sites (see squidguard).

    But as you noted: running everything through the proxy would render the firewall rules useless for dividing the traffic over the WANs (for http/https traffic at least; other protocols would still work).

    Thanks.
    But I need the 2 groups for all protocols including http/https.
    Thanks again.

