1 LAN / 2 WAN, the best way to manage traffic



  • Hello everyone, sorry for the ignorance but pfSense is a new world for me …
    Let me explain in short what is my scenario and what is my goal.
    WAN1 (ADSL 7Mbit/512Kbit) this line is used by default for navigation, being the fastest in download
    WAN2 (2Mbit symmetrical HDSL) on this line are active 3 VPN, being the fastest in upload

    My main objective is:
    divert on WAN2 all the following traffic (obviously giving priority to VPN):
    FTP active and passive input and output
    SMTP, POP3 and IMAP

    The attempts I did not brought me anywhere, in fact FTP connections were timing out ...
    What rules should I create?



  • First, please explain your previous attempts in detail. Second, what you are trying to achieve is doable, has been done many times even with more complex setups (Traffic Shaping with 4 WAN connections comes to mind rather than port based routing), but as I said we need more detail because we don't know what you did, thus don't know what you've potentially done wrong.



  • Ok, see the attached file for the 2 LAN rules I've tried…
    I always receive timeout error with the put and get FTP commands.
    thank you very much for interesting!




  • My intention is to release the FTP traffic on WAN2, not to leave the server on WAN2 regardless of the type of traffic.
    Alternatively, I also tried to get him to do the work direction, reversing the default gateway and routing Internet traffic on WAN1:

    WAN2 (default gateway)> FTP, SMTP
    WAN1> HTTP and HTTPS

    firewall rule on the LAN:

    Proto Source  Port Destination Port        Gateway  Queue  Schedule Description
    TCP  LAN net  *    *                443 80  WAN1GW  None                  Forward Internet traffic on WAN1

    but this rule has not had any effect, internet traffic continued to go out on defalut WAN2 gateway.
    Perhaps the reason lies in the services squid, squidguard and HAVP?



  • @paccatore:

    Perhaps the reason lies in the services squid, squidguard and HAVP?

    Yes, squid has been an issue for me when working with VPN connections, so it could be too in your case. Turn squid off for a while and see what happens.

    Please read this thread because first it could teach you a lot and second answer many of your questions right away.

    Also, take a quick look here, but I have to say there is a more elegant way of achieving the goal, namely this one:



  • In the meantime I tried to disable squid and squidguard services, but after 2 seconds they restart automatically.
      ::)?? ::)??


Log in to reply