2 LAN, 2 WAN



  • this is very similar to http://forum.pfsense.org/index.php/topic,6644.0.html

    wan1 -----------                          Lan1 ---------- switch1 ---- 10.10.10.10
                                pfSense 1.2 RC3
    wan2 -----------                          Lan2 ---------- switch2 ---- 192.168.10.10

    wan1 is PPPoE DSL, monitor IP is the ISP's DNS server
    wan2 is static, cable internet provider, monitor IP is the modem 192.168.100.1

    I have 2 load balancing pools set up. They work fine for lan1. lan2 works for about 30 minutes, then I cannot ping the firewall and cannot access the internet. If I have the first rule on lan2 be Allow all, gateway default, then all is fine.

    I really think that this is a recently introduced bug.

    I have changed everything on lan2: cable, switch, PCs, everything. If I plug switch2 in to lan1, then all PCs in lan2 work fine.
    It's not a hardware problem. The system works fine when the gateway is set to default.



  • Hello, I have a similar setup and everything works for me, I have found a few things out that may solve your problem.

    1. When you set your dual WANs to load balance you have to set up advanced outbound NAT.
    2. When you do that, you will be able to use the internet on the LAN using the load balance pool for the default gateway, however all local network access doesn't work. I'm not sure, but I think it has something to do with the traffic of the LANx in question automatically being NATed instead of the router (pfSense box) deciding whether or not the traffic is local or remote.

    I'm still working on the answer myself. I believe that the answer lies in the rules. I'm trying to make a rule where only packets destined for port 80 are NATed over the load balance pool but all the rest use the default gateway. For some reason, though, this will not allow me to surf the internet. I will let you know how I make out. As far as speed increase, I haven't noticed any real increase. When I go to http://www.ipchicken.com and keep refreshing the screen I can see my WAN changing back and forth, that is pretty cool.

    What I'm really trying to do is get an individual host on a network to use whatever WAN I want, but right now I have to assign the whole subnet to a WAN, not just an individual host. And then losing local connectivity is a problem as well.

    So in closing, what I think that you need to do is set up a rule to use the load balance pool, which I think that you have done, but you need to set up an outbound NAT for that network using that rule. For example:

    You need to set up outbound NATs for each WAN that you have, and if for example you want your 192.168.3.0/24 network to use each WAN connection then you need to set up an outbound NAT for this network for each WAN, so that would be two more NAT rules, and if you have 2 WANs and 2 LANs then you need at least 6 rules for outbound NATs. Hope this helps.



  • mikeisfly, my understanding is that Outbound NAT was only required for pfSense 1.1 but not for 1.2.



  • I have tried setting up Outbound NAT but it does not help with LAN2 load balancing. Here are my NAT rules - please correct them.

    Firewall > NAT > Outbound

    Interface  Source           Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port
    WAN        10.0.0.0/8       *            *            *                 *            *         NO
    WAN        192.168.10.0/24  *            *            *                 *            *         NO
    WAN2       10.0.0.0/8       *            *            *                 *            *
    WAN2       192.168.10.0/24  *            *            *                 *            *

    If my Lan2 rule is

    Proto  Source   Port  Destination  Port  Gateway  Schedule  Description
    *      LAN2net  *     ! LAN net    *     *

    then Lan2 can function. If I try to have load balancing in there it does not work.
    Load balancing works fine on Lan1.



  • What happens if you select wan2 as gateway for lan2?

    I remember this post
    http://forum.pfsense.org/index.php/topic,4762.0.html



  • @Perry:

    What happens if you select wan2 as gateway for lan2?

    I remember this post
    http://forum.pfsense.org/index.php/topic,4762.0.html

    Doesn't help. With gateway set to WAN2-gateway I can access nothing on the web. With gateway set to default it works fine as long as WAN1 is up.



  • But works if you use an IP address http://72.36.201.130/



  • @Perry:

    But works if you use an IP address http://72.36.201.130/

    Sorry, what do you mean by that? The only options for setting the gateway for a firewall rule are default (WAN is PPPoE)/WAN2 gateway/loadbalance gateways. I cannot select anything else.



  • My guess was just that it is a DNS problem, so if you set your gateway to wan2 can you then access a web page by its IP?

