Dual WAN failover and 1:1 NAT
-
I have two WAN connections.
The idea is to have each presented to pfSense on their own NIC.
I currently have one WAN set up with a routed /29.
Second WAN is done via Ethernet and also has a /29 available (not sure of the terminology, but rather than being routed to an IP, the /29 is simply the subnet available on that WAN interface).
I already have 1:1 NAT and some manual outbound NAT rules on the existing WAN.
What I would like to do is create 1:1 NAT for the Second WAN and use that as the main connection, only reverting to the original WAN and its 1:1 mappings in the event that the other fails.
Can this be done with one instance of pfSense or would I need to run two boxes with something like CARP on the LAN interface to achieve what I want?
-
That works fine.
For the Second WAN you will need VIPs for the external IPs of the 1:1 NAT, but otherwise it should be the same.
Traffic that enters WAN or WAN2 will go back out the expected path.
Traffic that is initiated from the inside will choose a path based on your gateways/groups in LAN-side rules, as it would for any other Multi-WAN setup. As it leaves a particular WAN, the 1:1 NAT for that WAN will apply on the way out.
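
The behavior described in the answer, sketched as a pf.conf fragment. This is an added example, not part of the original reply and not the ruleset pfSense generates; interface names, addresses and the port are constructed, using documentation ranges.

```pf
# Constructed values for illustration only
lan_if  = "em2"
lan_net = "192.168.1.0/24"
srv     = "192.168.1.10"      # internal host with a 1:1 mapping on both WANs

wan1_if = "em0"               # original WAN, routed /29
wan1_gw = "198.51.100.1"
srv_w1  = "198.51.100.2"      # external address for srv on WAN1

wan2_if = "em1"               # second WAN, on-link /29
wan2_gw = "203.0.113.1"
srv_w2  = "203.0.113.2"       # must also exist as a VIP on WAN2, per the answer

# One 1:1 (binat) mapping per WAN. Each rule only applies to packets
# crossing its own interface, so the two mappings do not conflict.
binat on $wan1_if from $srv to any -> $srv_w1
binat on $wan2_if from $srv to any -> $srv_w2

# Inbound: translation happens before filtering, so the rule matches the
# internal address. reply-to pins return traffic to the WAN it arrived on.
pass in quick on $wan1_if reply-to ($wan1_if $wan1_gw) \
    inet proto tcp from any to $srv port 443 keep state
pass in quick on $wan2_if reply-to ($wan2_if $wan2_gw) \
    inet proto tcp from any to $srv port 443 keep state

# Outbound from LAN: policy-route to the preferred gateway (WAN2 here).
# The binat rule for whichever WAN the packet leaves by sets its source.
# In the failed-over state this rule would name $wan1_if/$wan1_gw instead,
# and srv would appear to the outside as $srv_w1.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) \
    inet from $lan_net to any keep state
```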