Multi-WAN (Comcast Business/U-Verse) - How to do inbound on both??

  • I'm a newbie at pfSense and really do my best to do my research without bugging you experts, but I'm stumped.  I've had pfsense up and working about a year without a question so I'm try :-).

    I'm currently using PfSense Version: 2.0.1.  I have a dedicated HW server with 6 Nics - 3 WAN, 3 LAN (mostly due to 3 XBOX's on the network that need XBOXLIVE - I'm sure there is a better way).  I have 2 WAN connections (Multi-WAN Setup) U-Verse and Comcast Business (5 static IP addresses each).  A gateway group is configured and both gateways set to Tier 1.  However, no default as been selected.  I can set either gateway to be the default and all traffic flows out perfectly either way.  DNS settings have both DNS servers of both WANS.  Due to using a gateway group, I have all WAN connections gateways set to none.

    Here is my issue:

    I had U-verse first and setup internal servers with associated NATs and Rules to access them from the internet (via 2 static IP addresses) - for Exchange 2010 and a webserver.  Now that I have this new setup in place, to take advantage of the multi-wan load balanced internet connection, what do I need to do in pfSense to regain access to the internal servers with U-verse and also be able to use the static ip addresses that come with Comcast?  Now, when I go to and see what public IP I am using, it shows me the comcast public static IP and I can test and see inbound connections via the single comcast public static IP I have setup so far.  Since the gateway is roundrobin, I guess, I will get a random GW.  However, only when I go in and force the Uverse GW to be the default do all the uverse public static IP's allow inbound connections again.  Conversely, when I do that, I am unable to setup and see any inbound connections from the comcast connection.

    Help!  I am open to all suggestions.

    Thanks in advance


  • I have a similar setup and went through the same exercise.  However, I migrated over all of my inbound connections to the static IPs on the business side.  If you want to do all of this balancing and round robin, you have some work ahead of you.

    First, create an Interface Group for both WAN connections.  Interfaces->(assign)->Interface Groups.  This will help you when you create one set of rules for both WAN interfaces.  No need to create the same list twice.

    Now create a Gateway group for both interfaces, and each should be set to the same tier (Tier 1 is set by default, I think).  When you set them at the same tier they load balance as well as acting as a failover.  System->Routing->Gateway Groups.

    You should now be able to go into your firewall and all the rules to the newly created Interface Group.  Open a rule, change the interface to the group and that should take care of it. (

    I opted to segment out my LAN into two separate networks–10.0.1.x/24 and 10.0.2.x/24.  The former is for the residential stuff and the latter for the business stuff.  All LAN connections, receive a residential DHCP lease and route through that gateway and the business network is all static IPs with no DHCP.  The reason I did it this way is because my ISP (cable company) will allow you to watch TV on an iPad but only through the residential IP address.  I didn't need TV/Phones for the business, so I don't have that feature.

    That should give you at least the basics to get you started in your multi-WAN adventure.

Log in to reply