2 WANs going to each separate LANs



  • Hey all,

    I have two internet connections going into my pfSense server on the WAN1 and WAN2 interfaces. I currently have just 1 LAN interface set up but I wish to add another one then separate the two. How can this be done?

    ADSL1 -> WAN1 -> LAN1
    ADSL2(Bridged) -> WAN2(PPPoE) -> LAN2



  • Just put firewall rules to send the traffic you want to allow to the desired gateway, e.g.:
    On LAN1: block destination LAN2 traffic, pass everything else to WAN1 gateway
    On LAN2: block destination LAN1 traffic, pass everything else to WAN2 gateway

    If you are using the DNS forwarder built in to pfSense, then they will be sharing the DNS - some DNS queries that came from LAN2 boxes might go out WAN1 and so on, DNS queries retrieved for LAN2 will be in the cache ready-to-go if they are requested on LAN1… So there is not total isolation there, but probably you don't care about that.
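
The rule layout suggested in the reply above, as an added example that is not part of the original thread: a simplified first-match model in Python (pfSense evaluates the rules on an interface top-down and the first match wins). The subnets and the gateway names `WAN1_GW` and `WAN2_GW` are assumptions made for illustration.

```python
# Added example: simplified first-match model of the per-interface rules
# described in the reply. Subnets and gateway names are constructed.
from ipaddress import ip_address, ip_network

LAN1_NET = ip_network("192.168.1.0/24")   # constructed
LAN2_NET = ip_network("192.168.2.0/24")   # constructed
ANY = ip_network("0.0.0.0/0")

# Each rule is (action, source, destination, gateway). Rules are checked
# top-down and the first match decides, so the block sits above the pass.
RULES = {
    "LAN1": [
        ("block", LAN1_NET, LAN2_NET, None),
        ("pass", LAN1_NET, ANY, "WAN1_GW"),
    ],
    "LAN2": [
        ("block", LAN2_NET, LAN1_NET, None),
        ("pass", LAN2_NET, ANY, "WAN2_GW"),
    ],
}

def evaluate(interface, src, dst, rules=RULES):
    """Return (action, gateway) for a packet entering `interface`."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, gateway in rules[interface]:
        if src in src_net and dst in dst_net:
            return action, gateway
    return "block", None  # nothing matched: default deny

def misordered(rules):
    """Same rules with the pass placed above the block on each interface."""
    return {iface: list(reversed(rs)) for iface, rs in rules.items()}

if __name__ == "__main__":
    samples = [  # constructed packets: (interface, source, destination)
        ("LAN1", "192.168.1.10", "192.168.2.20"),
        ("LAN1", "192.168.1.10", "203.0.113.5"),
        ("LAN2", "192.168.2.20", "203.0.113.5"),
    ]
    for iface, src, dst in samples:
        print(iface, src, "->", dst, evaluate(iface, src, dst))
    # With the order swapped, LAN1 -> LAN2 traffic is passed, not blocked.
    print("misordered:", evaluate(*samples[0], rules=misordered(RULES)))
```
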



  • Hi,

    I want to configure a similar situation:

    ADSL (Static) -> WAN1 -> LAN
    4G Router (Static) -> WAN2 -> DMZ

    Until this moment I have the following configuration working correctly:

    ADSL -> WAN1 -> LAN
    ADSL -> WAN1 -> DMZ

    I have tried several configurations without success. If I do a packet capture on WAN2, while I am trying to access the 4G Router from the outside I get traffic. Is there anything else that has to be configured?



  • With a DMZ, you are probably wanting to give access from outside through WAN2 to server/s in the DMZ. For that you need to add appropriate pass rules on WAN2 and port forwards from WAN2 IP address/es to DMZ addresses.
    Post more detail of what you want to achieve (connections in which direction for what) and what you have set up so far (Firewall Rules, port forwards…) and what does and does not work.



  • I have already configured at this moment a webserver on the DMZ that is accessible from the outside. This webserver on the DMZ has only access to one port to the LAN. Both LAN and DMZ use the same WAN. Everything is configured and working correctly.

    Now I want to set separate WANs for the LAN and for the DMZ due to the low speed of the internet connection. I want to set a separate internet access to access the webserver on the DMZ. I have configured a new interface, a new gateway and configured the rules but I cannot get it working.



  • So, you are telling me under the Firewall Rules for LAN1 instead of:

    ID | Proto | Source   | Port | Destination  | Port | Gateway | Queue |
    -- | *     | *        | *    | LAN1 address | *    | *       | none  |
    -- | *     | LAN1 net | *    | *            | *    | *       | none  |

    it should be?:

    ID | Proto | Source   | Port | Destination | Port | Gateway | Queue |
    -- | *     | LAN1 net | *    | LAN address | *    | *       | none  |

    WAN1:
    ID | Proto | Source                        | Port | Destination | Port | Gateway | Queue |
    -- | *     | RFC 1918 networks             | *    | *           | *    | *       | none  | Block private networks
    -- | *     | Reserved/not assigned by IANA | *    | *           | *    | *       | none  | Block bogon networks

    LAN2:
    ID | Proto | Source   | Port | Destination  | Port | Gateway | Queue |
    -- | *     | LAN2 net | *    | LAN2 address | *    | *       | none  |

    WAN2:
    <no entries>

    Btw, I got the WAN2 to get PPPoE connection (in bridged mode from router to WAN2) but LAN2 can ping within its network but cannot get onto the internet now. Any ideas?

