Multi WAN and internet facing services

  • I have a somewhat complicated setup…
    Basically two ADSL modems, each with its own separate connection and both terminating into an internal network (192.168.1.x)... In this internal network sits a pair of pfSense boxes, which then route to another internal network (192.168.2.x) where everything happens. These boxes also route to a couple of other internal networks.

    pfSense is configured to fail the connection over from one modem to the other, should the first one fail. This part of the setup works extremely well: when one line goes down it switches to the other as expected.

    The ADSL modems are both doing NAT, the internal pfSense boxes are just routing, and the ADSL modems know to send traffic to/from 192.168.2.x via the pfSense CARP address.

    The problem I have is with port-forwarded connections. I have ports 80 and 443 on both ADSL modems forwarded to a box on 192.168.2.x; however, inbound connections only work over whichever connection is currently the primary, and according to tcpdump, although the traffic comes in correctly via the secondary modem, pfSense is sending it out again via the primary modem.

    I have tried opening additional ports on the web servers and using policy-based routing, e.g. any traffic to the webserver on port 81 goes via gateway 1, any traffic to the webserver on port 82 goes via gateway 2, but this doesn't seem to be working.

    Anyone have any other suggestions?
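
The symptom described above (replies for connections that arrived via the secondary modem leaving through the primary one) is asymmetric return routing: pfSense picks the gateway for the reply from its routing table, not from where the connection came in. Policy-based routing on the outbound side (pf's `route-to`) does not fix this, because the decision has to be tied to the state created by the inbound packet. The pf mechanism for that is `reply-to` on the inbound rule that creates the state. The fragment below is an added example written for this thread, not configuration from the original post or from the pfSense project; the interface name, the modem and server addresses, and the `$web` port split are assumptions chosen to match the port 81 / port 82 scheme the post describes (modem 1 forwards public 80/443 to port 81, modem 2 to port 82).

```pf
# Added example, not from the original post. Names and addresses below are
# constructed assumptions; substitute the real interface and hosts.
inside = "em0"          # pfSense interface facing the modem segment (192.168.1.0/24)
modem1 = "192.168.1.1"  # LAN address of ADSL modem 1 (assumed)
modem2 = "192.168.1.2"  # LAN address of ADSL modem 2 (assumed)
web    = "192.168.2.10" # the web box on the inner network (assumed)

# Each rule creates state for connections arriving through one modem and pins
# the REPLY direction of that state to that modem's address, regardless of
# which gateway is currently the default/primary route.
pass in quick on $inside reply-to ($inside $modem1) proto tcp \
    from any to $web port 81 flags S/SA keep state
pass in quick on $inside reply-to ($inside $modem2) proto tcp \
    from any to $web port 82 flags S/SA keep state
```

Two points worth checking before relying on this. First, `reply-to` only has an effect on rules that create state, and it acts on the reply packets of that state, so it belongs on the inbound WAN-side rule rather than on any LAN-side or floating rule. Second, the port split is what makes the two paths distinguishable: if both modems hand the client's original public source address through unchanged onto a single shared segment, nothing in the packet tells pf which modem delivered it, and only a per-path difference (a distinct destination port as here, or separate pfSense interfaces per modem) lets the rule select the right return gateway. Verifying with tcpdump on the modem segment that replies for port-82 connections now carry modem 2 as next hop is the quickest confirmation.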

