Dynamically bind traffic to specific interface, Dual WAN, 1 lan
-
Hello everyone, here is my setup. 1 lan, 2 wan, i want to use WAN1 for all everyday traffic in and out, and i want to use wan2 (OPT1) for specific incoming/outgoing ftp (pasv) and torrent traffic. However, i don't necessarily want all LAN ftp client traffic going out on OPT1, only specific traffic triggered by the initial connection port. If it wasn't for pasv mode using multiple ports i wouldn't have a problem but because of that, and also the fact that torrent traffic also uses multiple undefined ports i am unsure of how to do this short of setting up a proxy. Unfortunately none of the proxy servers i have found are capable of binding to a specific interface, and sense my WAN ip's are dynamic none of them will work. Thanks for any help and i'm sorry if my description is a little hard to follow.
-
Policy based routing. If the packet comes from xx.xx.xx.xx then send it out THIS gateway.
Implemented on pfSense using PASS firewall rules and specifying the gateway on them.
-
Thank you for the reply. I figured out how to get it working using static ip addresses, but how do i set it up to work with dns for dynamic ip's? Or if that isnt possible can i do an ip range? I tried but it said invalid.. Thanks!
oh also, is there any way to route torrent traffic through the the OPT1 interface as well? And if so do i have to use a client that limits itself to one port? If not how do i account for the random port range it will be using? Is the software smart enough to route torrent traffic independent of port?
-
oh also, is there any way to route torrent traffic through the the OPT1 interface as well? And if so do i have to use a client that limits itself to one port? If not how do i account for the random port range it will be using? Is the software smart enough to route torrent traffic independent of port?
You have to use specific ports.
I dont understand what you mean when you ask about dns/dynamic ips.
-
But how do i set it up to work with dns for dynamic ip's?
If it always the same machine, it will likely always have the same address, you can extend the lease time. Or you can pre-register the MAC address to fix the IP address.
oh also, is there any way to route torrent traffic through the the OPT1 interface as well? And if so do i have to use a client that limits itself to one port? If not how do i account for the random port range it will be using? Is the software smart enough to route torrent traffic independent of port?
Torrent is hard, I run torrent on 1 machine that is locked into one wan
http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing#Supporting_bittorrents- you could run it in a VM if you don't want to lock the whole machine, or you could multi-home the machine and direct all the traffic through a special address if you can set it up in your operating system.
-
I have a setup very similar, I have a cable connection (WAN) for everyday web browsing and the likes and a DSL (OPT1) for torrents and other large downloads.
By default everything goes through OPT1 and then I selectively pick the stuff that should go through WAN, everything outgoing destined for port 80 (HTTP), 443(HTTPS), 1863(MSN) goes through the WAN link, furthermore any large downloads via HTTP, I route them through the OPT1 link by their destination IP address
So basically with torrents and their broad range of ports, I just assume that if anything isn't specifically defined as anything else to be torrent traffic. More rules can be added to define other traffic like email, games, etc. but that comes down to your own needs
I got a Rules table that looks like this -
Proto Source Port Destination Port Gateway TCP Lan net * 68.142.79.231 * OPT1 TCP Lan net * 68.142.79.239 * OPT1 TCP/UDP Lan net * * 80 (HTTP) WAN TCP/UDP Lan net * * 443 (HTTPS) WAN TCP/UDP Lan net * * MSN WAN * Lan net * * * OPT1 -
Thanks for the help guys. I ended up just running win2k in vmware and routing all its traffic through opt1 for torrents.