MultiWAN and QoS and WiFi and…
-
Hey all,
Currently I am using pfSense as a MultiWAN loadbalancer and QoS on one PC.
Current set up is:
2 ADSL lines go in and 1 LAN goes out, this LAN goes to a switch that has two DD-WRT WLAN routers connected.
Currently the DD-WRT give out their own IP addresses etc. They are not very capable D-Link and TP-Link models. The pfSense Box is set up to QoS on the NIC that connects to the WLAN-Switch and has MultiWAN for the 2 ADSL lines connected.
Life got much easier with this….
Now I would like to add more ADSL lines and more LANs to the set up, I do have an additional PC to help.
My idea is to connect all the LANs to one pfSense box and all the ADSL connections to a 2nd pfSense box.
I need to make sure though that all traffic from LAN 1 (office) gets the highest priority, LAN 2 (internet cafe) the second and LAN 3 (WiFi) the third. Also I want to apply traffic shaping (QoS) on LAN 3.
Do I need to do anything special to make sure that the traffic on LAN 1 stays private?
Also I would like to take load off the WiFi routers/APs, I tried to set up the current pfSense box as the DHCP server and the routers with DD-WRT as DHCP repeaters but when I did this the DD-WRT routers just vanished. Ideas?
I am stuck in Bolivia with max 1.5mb ADSL connections, it is way cheaper for me to use two 1.5mb ADSL connections than one 2 mb connection.
Also we only have 3 (4) decent ISPs of which 1 (2) is/are reseller(s) of the others, so if one backbone goes down, nearly everyone is shut out.
I'd love to save energy, but currently setting up various PC's to keep me online at decent speed for all my clients seems the best idea.
Any help would be appreciated.
hhpss
-
@hhpss:
Also I would like to take load off the WiFi routers/APs, I tried to set up the current pfSense box as the DHCP server and the routers with DD-WRT as DHCP repeaters but when I did this the DD-WRT routers just vanished. Ideas?
Did you connect the Wifi routers as described in http://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
@hhpss:
I'd love to save energy, but currently setting up various PC's to keep me online at decent speed for all my clients seems the best idea.
The Alix range of boards are very energy efficient and are more than capable of meeting your current bandwidth requirements. (See http://pcengines.ch) Readers have reported getting around 85Mbps through an Alix.
The most cost effective way of getting more ports (especially "low speed" ports) on a pfSense box is to use a VLAN capable switch as a "port multiplier". In your case, one switch port would be configured as a "trunk" port connected to a pfSense NIC on which a number of VLANs are configured. The remaining switch ports, configured to be single members of distinct VLANs, can then be connected to distinct ADSL modems. The bandwidth of a 100Mbps port can then be shared by tens of 1.5Mbps modems.
-
Did you connect the Wifi routers as described in http://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense
I didn't see this before and used the WAN port, so hopefully it'll work now…..
@wallabybob:
@hhpss:
I'd love to save energy, but currently setting up various PC's to keep me online at decent speed for all my clients seems the best idea.
The Alix range of boards are very energy efficient and are more than capable of meeting your current bandwidth requirements. (See http://pcengines.ch) Readers have reported getting around 85Mbps through an Alix.
I'll have a look into this, but for now finding anything out of the very very ordinary of IT hardware seems difficult here in Bolivia. Ordering over the net would mean having it stuck in customs for weeks plus paying huge import taxes….
@wallabybob:
The most cost effective way of getting more ports (especially "low speed" ports) on a pfSense box is to use a VLAN capable switch as a "port multiplier". In your case, one switch port would be configured as a "trunk" port connected to a pfSense NIC on which a number of VLANs are configured. The remaining switch ports, configured to be single members of distinct VLANs, can then be connected to distinct ADSL modems. The bandwidth of a 100Mbps port can then be shared by tens of 1.5Mbps modems.
I'm trying to read my way into VLANs, see if I understand enough to make use of it.
For now I am thinking of using one PC-pfSense box for MultiWAN, to this PC I will simply connect 5 DSL Modems and balance them to serve one LAN connection.
On that LAN connection I will put a 2nd PC-pfSense box that will connect the 3 different LANs.
It is my understanding that configuring the Firewall correctly will be enough to make sure there is no communication between the LANs (?)
The part I am unsure about now is how to make sure that traffic from LAN 1 will be prioritised over LAN 2 will be prioritised over LAN 3.
Also I want to use LAN1 for the office LAN so I have complete control over who is using what in that LAN and want to let the clients from that LAN use torrents, LAN 2 will be internet cafe computers, so I have control over those clients too, LAN 3 will be the WiFi with no control over the clients whatsoever, so I want to apply QoS on that.
Not sure how to do that either.
Any help would be appreciated!
-
Is there some reason you want to use two pfSense boxes for this? You could do it all with one box as long as you can install enough interfaces, or use VLANs as suggested.
@hhpss:
It is my understanding that configuring the Firewall correctly will be enough to make sure there is no communication between the LANs (?)
That's correct.
Steve
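An added illustration of the point confirmed above, not part of the original thread: pfSense evaluates the rules on the interface where traffic enters, top-down with first match winning, so a lone "pass to any" rule on a LAN also covers the other LANs. The sketch below models that evaluation and compares a weak rule set with a corrected one; the subnets, the rule tuples and the helper names are constructed assumptions, not pfSense configuration.

```python
import ipaddress

# Constructed sample addressing (assumption; the thread gives no subnets).
NETS = {
    "LAN1": ipaddress.ip_network("192.168.10.0/24"),  # office
    "LAN2": ipaddress.ip_network("192.168.20.0/24"),  # internet cafe
    "LAN3": ipaddress.ip_network("192.168.30.0/24"),  # WiFi
}
ANY = ipaddress.ip_network("0.0.0.0/0")

def first_match(rules, dst):
    """Return the action of the first rule whose destination covers dst.
    No matching rule means the implicit default deny."""
    addr = ipaddress.ip_address(dst)
    for action, dst_net in rules:
        if addr in dst_net:
            return action
    return "block"

def leaks(ruleset):
    """List (src_lan, dst_lan) pairs where the rules on src_lan's
    interface let traffic reach a host on another LAN."""
    found = []
    for src, rules in ruleset.items():
        for dst, net in NETS.items():
            if dst != src and first_match(rules, str(net[1])) == "pass":
                found.append((src, dst))
    return sorted(found)

def isolated_rules(lan):
    """Block every other LAN first, then pass the rest (Internet)."""
    blocks = [("block", net) for name, net in NETS.items() if name != lan]
    return blocks + [("pass", ANY)]

# Weak: only "pass to any" per interface; "any" includes the other LANs.
WEAK = {lan: [("pass", ANY)] for lan in NETS}
# Corrected: block rules to the other LANs sit above the pass rule.
FIXED = {lan: isolated_rules(lan) for lan in NETS}

if __name__ == "__main__":
    print("weak :", leaks(WEAK))
    print("fixed:", leaks(FIXED))
```

Rule order matters as much as rule content: the same block rules placed below the pass rule never match.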
-
Is there some reason you want to use two pfSense boxes for this?
I have 2 old PCs, and got 3 additional NICs for the 2nd one for 35 Dollars - finding VLAN enabled Switches around here could be a problem - I wouldn't know where to go… Ordering over the net is not really an option in Bolivia.
Any suggestions where to read on the outlined setup?
Right now I'm setting up Box1 that will distribute the traffic between the 3 LANs.
I will need to prioritise LAN 1 over LAN 2 over LAN3 and do some QoS on LAN3 - I'll read around in the corresponding forums and docs...
Work on Box2 will be easy enough I hope as I'm already using pfSense for load balancing on that one...
I'm just wondering how I will be able to see Box 2 from behind Box 1....
-
You will have no problem accessing the outer box from behind the inner box. I'm typing this to you from behind two pfSense boxes right now.
The default setup there would be both boxes NATing the connection which is considered bad but almost everything will work just fine.
Steve