2.01, simple load balance two PPPoE to same ISP

  • In general this appears simple to configure, but I don't know what needs to be done for the last step.

    As with my multilink PPP / VLAN experiment, it appears the WAN interface created during the initial setup should not be used since it is going to be replaced by the gateway group later. So assign it to a nonexistent VLAN just to make the initial configuration process go smoothly, and remove it completely later.

    NetGear ProSafe GS105E (cheapest 5-port switch currently available that supports 802.1Q VLANs)

    Easy 802.1Q VLAN config:

    • Port 1 - VLAN: 1

    • Port 2 - VLAN: 2

    • Port 3 - VLAN: 3

    • Port 4 - VLAN: 4

    • Port 5 - VLAN: ALL

    pfsense 2.01 initial install:

    • Will you be using VLANs? Yes

    • create -> em0 -> VLAN 1

    • create -> em0 -> VLAN 2

    • create -> em0 -> VLAN 3

    • create -> em0 -> VLAN 4

    • create -> em0 -> VLAN 5 (no assigned ports)

    Assign interfaces:

    • WAN -> em0_vlan5

    • LAN -> em0_vlan4

    • OPT1 -> em0_vlan1

    • OPT2 -> em0_vlan2

    • OPT3 -> em0_vlan3

    Web GUI setup:

    Skip the wizard, click on logo

    Interfaces -> OPT1
      Type: PPPoE
      Username / password of first DSL account

    Interfaces -> OPT2
      Type: PPPoE
      Username / password of second DSL account

    System -> Routing -> Groups -> Add
      Name: TWO_PPP
      Gateway priority:
        WAN - None
        OPT1 - Tier 1
        OPT2 - Tier 1
      Trigger level: member down (default)

    Interfaces -> WAN

    At this point it is unclear what else I need to do.

    • There is no firewall rule tab for the "TWO_PPP" gateway group. Can't do anything with it.

    • OPT1 has no firewall rules.

    • OPT2 has no firewall rules.

    The default LAN rule "Default allow LAN to any rule" seems like it should just automatically direct everything to the gateway group, with the WAN interface disabled. Though, unknown.

    Do I need to change this default LAN rule to explicitly point to the gateway group, like this:
    (The following will retain the original rule but disable it, as a backup copy.)

    Firewall -> Rules -> LAN
      For rule "Default allow LAN to any rule"
        Add new rule based on this one
          Description: Allow LAN to load balancer
          Advanced features -> Gateway

    Which looks like this:

    I do not yet have the second DSL line installed to know if this configuration will be correct.

  • You seem to have all the right configuration options.
    Since you are using VLANs instead of actual NICs, you will need to double check your switch configuration. It needs to have a trunk port to the pfSense box with all the VLAN IDs. The rest of the ports also need to be properly configured with a single VLAN for their respective connections.

    Yes, you need to explicitly specify the LAN side rule to send traffic to the TWO_PPP Gateway.

  • Let try 1 wan connect with pppoe and another is dhcp from your modem.

