DUALWAN Needs Advanced Outbound NAT?



  • Hello all,

    I've been reading 2 documents about MultiWAN in Pfsense:

    BSD Dual Wan Router -> http://www.netlife.co.za/content/view/34/34/

    Multiwan version 1.2 -> http://olddoc.pfsense.org/index.php/MultiWanVersion1.2

    In the first document it seems to be important to create NAT for your WAN-POOL and enable advanced outbound NAT.

    The second document doesn't mention NAT configuration.

    I haven't been able to get load balancing to work nicely.  I've followed MultiWAN 1.2 + BSD Dual Wan Router (Advanced outbound NAT), but it doesn't work. Using load balancing, after a few seconds the internet stops responding.  Cannot ping the outside.

    Sticky connections is enabled. Status > Loadbalancer shows that both interfaces are online.  Resetting the firewall state table, the issue fixes itself.

    Maybe a NAT problem?



  • The short answer is no.
    Atm I believe that Multiwan 1.2 from doc is the only one to follow. But due to so many different types of setups it can be hard to understand what's right or needed for your setup.

    Part 1: The default test setup

    A default install with latest version 1.2RC3 http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/
    Next, test your connection. Set your gateway to wan2 on your default LAN rule so you know both WANs work.
    Set up the 3 loadbalance / failover pools and test them on the LAN gateway as before, using http://www.myip.dk/ to watch the IP change.

    With that little setup you will get a better understanding of how the dual WAN setup works for you.

    Part 2: "I haven't been able to get Loadbalancing to work nicely"
    Then don't use it :) Well, load balancing only seems to make sense when using a download manager, downloading large files.
    I use Wan1FailsToWan2 and Wan2FailsToWan1 instead. How did I come to this?
    Well, sticky connections seem to get stuck from time to time.
    No need to set different rules for different protocols.
    I can split the download to users with different gateways anyway.

    Hope this helps.

    P.S. Search for static routes if you don't want to drive on the same track as I :D



  • The whole point of pfsense for many is load balancing. Otherwise for a small setup I would just set up multiple gateways and static routing in Windows, Linux, etc.
    The whole dual WAN setup is as clear as mud.  When compared to a dual WAN router the learning curve is so high.

    What would be nice is a dual WAN wizard that at least got people started with basic multiwan setups.  Even if you know what you are doing, the setups get so complex that you can make a mistake at any point and have to start over or backtrack.

    If load balancing is your goal and time is valuable, then even a $2000 dual WAN router can be cheaper.

    I am running pfsense in a VMware session just to avoid having to worry about the hardware compatibility.

    Here is an idea.  How about a rock-solid VMware-configured setup in the latest release for people to modify and use for their own personal use?  Does such a thing already exist?

    And for the love of god get rid of all the outdated setup docs or at least mark them as such.  Why is the third interface called opt1?  Why not just call it wan2 and explain that it may function differently from wan?  It is almost like you are trying to create barriers to entry when compared to a $100 dual WAN router.



  • I would say the third interface is called opt1 because not everyone will use it for a second WAN?  I know people who have opt1 set up for their internal wireless network separate from their LAN connection, and many other scenarios.

    I agree with the documentation, but like they have said before, that is something they are actively working on.



  • Coming from using several dual and multiwan routers, I can say on those that the WAN ports are not always used as WAN, but still they are named WAN.  Anyone that needs them for something other than WAN is more than likely smart enough to figure that out, but people who have no idea what an opt1 is will have problems :)

    I checked my networking for dummies and there was no opt1 in there :)

    Some of the docs even call opt1 wan2.  The best place to put documentation is in the firmware itself.  Especially the basic stuff.  Many dual and multiwan routers can be used without opening the manual. I doubt this will ever be the case with pfsense, however it could be just a little more friendly.  Now excuse me while I go read advanced routing for dummies :)



  • I have an idea.  I hope it has not already been done, if it has I am sorry I could not find it.

    How about a baseline dual WAN setup in a VMware session that has all the routing set up with 2 NAT-based WAN ports.  That way we can use it to force our setups to conform to it and then work from there to get to what we all want.  With every new release we can simply get the new snapshot and work our way through it till a wizard or better documentation exists.

    The reason why I say use VMware is that hardware should not be an issue or as much of an issue.

    With such a baseline setup, questions could be asked that would be much easier to answer.



  • @Freezone:

    I have an idea.  I hope it has not already been done, if it has I am sorry I could not find it.

    How about a baseline dual WAN setup in a VMware session that has all the routing set up with 2 NAT-based WAN ports.  That way we can use it to force our setups to conform to it and then work from there to get to what we all want.  With every new release we can simply get the new snapshot and work our way through it till a wizard or better documentation exists.

    The reason why I say use VMware is that hardware should not be an issue or as much of an issue.

    With such a baseline setup, questions could be asked that would be much easier to answer.

    Sounds awesome.  Let us know when it's complete and we'll put up a link to it.  Thanks

    –Bill



  • LMAO I knew someone would call me out for me to do it :).  I can probably start it, but I will get lost in the load balancing routing.  Unless someone already has a simple VMware setup they want to share.

