Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multi WAN with same gateway is it posible?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    9 Posts 3 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      waldopulanco
      last edited by

      Hi! I have two isp but same gateway, is it posible to setup same gateway on wan1 and wan2? when wan1 and wan2 are selected to dhcp its working but when i select to static and set a gateway it was not accept.. I have ready all post here in forum but i dont know how to config it.. my pfsense version 2.1.3..

      thanks in advance!!

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        multiwan with the same gateway is ONLY possible when using PPPOE.

        any other scenario will not work. it might look like it "works" when using dhcp … in reality it does not work, only 1 of the WANS is actually working.
        the underlying OS does not support multiple route to the same gateway at this time.

        So, for now, the only solution is to put a cheap NAT router in between 1 of the WAN connections to circumvent the problem.

        1 Reply Last reply Reply Quote 0
        • W
          waldopulanco
          last edited by

          @heper:

          multiwan with the same gateway is ONLY possible when using PPPOE.

          any other scenario will not work. it might look like it "works" when using dhcp … in reality it does not work, only 1 of the WANS is actually working.
          the underlying OS does not support multiple route to the same gateway at this time.

          So, for now, the only solution is to put a cheap NAT router in between 1 of the WAN connections to circumvent the problem.

          thank you for your good reply! I really need to buy another router and put it either wan1 or wan2 in this way the gateway of a router for wan2 and the gateway for wan1 is direct from my isp!

          thank you so much!!

          regards
          WALDO

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            You could also configure the second WAN interface as a virtual ip and set a Manual NAT configuration to get two WANS to work that are on the same WAN gateway.

            https://forum.pfsense.org/index.php?topic=64682.msg375641#msg375641

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • W
              waldopulanco
              last edited by

              @BBcan17:

              You could also configure the second WAN interface as a virtual ip and set a Manual NAT configuration to get two WANS to work that are on the same WAN gateway.

              https://forum.pfsense.org/index.php?topic=64682.msg375641#msg375641

              thanks! but i dont understand this

              Add within Firewall => Virtual IP an IP Alias for additional IPs/networks
              Activate different public IP settings by deactivating automatic Outbound NAT
              in Firewall => NAT => Outbound NAT
              You can clear a lot of unneccessary Outbound NAT rules but don't forget to have at least 1 outbound NAT which matches your LAN's to your default public IP.
              Then you can add before this rule your explicit server outbound NAT rule to use the other public IP (in interface list you can select IP Aliases, CARP IPs and Host Aliases from Firewall Aliases)

              where can i create this "Add within Firewall => Virtual IP an IP Alias for additional IPs/networks"?

              On Firewall: Virtual IP Address: what type IP Alias, carp, proxy arp or other?
              Interface: WAN1, WAN2 or LAN?
              IP Address(es): what ip?

              how about in 'Firewall: NAT: Outbound"
              here is my setting "WAN1  192.168.2.0/24 * * * WAN1 address * NO"

              and how to config this ""Then you can add before this rule your explicit server outbound NAT rule to use the other public IP (in interface list you can select IP Aliases, CARP IPs and Host Aliases from Firewall Aliases)""

              sORRY I am newbie. pls. step by step..

              thanks!!

              1 Reply Last reply Reply Quote 0
              • BBcan177B
                BBcan177 Moderator
                last edited by

                Hi waldopulanco,

                [ 1 ]

                Leave WAN1 as is, and delete the WAN2 interface settings.

                [ 2 ]

                WAN2 will use the WAN1 interface but we need to define WAN2 as an "alias" as it will be using the same WAN gateway.

                goto Firewall:Virtual IPs, and add a "IP Alias", Interface WAN, using the static IP address for WAN2 (/32) add a description. Save.

                So basically it will use the same Interface for both Wan1 and Wan2. You dont need to configure anymore settings for WAN2.

                [ 3 ]

                In Firewall:NAT the default settings is automatic.

                Port Forward (Inbound settings)
                Outbound (outbound settings)

                In Port Forward, add port forwards for WAN2,

                You need to create inbound (port forward) rules so that any inbound on WAN2 will be allowed to access a local web server, mail server etc.. If you don't have anything like that, you can leave out the port forwarding and only define the Outbound settings.

                So I have a mail server using WAN2 which has a rule to forward SMTP to the local mail server on the LAN side. (This is just showing one rule, you can add rules for as you require)

                Interface - WAN
                Protocol - TCP
                Destination Type - IP ALIAS that you defined above
                Destination Port range = SMTP
                Redirected Target IP  - Local Mail server lan address x.x.x.x /32
                Redirected target Port - SMTP

                For OutBound,

                You need to change the MODE to "Manual".

                It will populate it with the same settings that were there in Automatic mode. The default settings will work for WAN1 only. So only add rules for WAN2.
                Normally you only need to add rules for WAN2 outbound.

                So for my mail server going out, I add the following.

                Interface - WAN
                protocol - ANY
                Source - Local Mail server lan address x.x.x.x /32
                Translation Address - Select "IP Alias" as defined above.

                Add a description.

                (This is just one rule, you can define others as you require)

                UPDATE:
                [ [u]ORDER of Rules is important, make sure you have the WAN2 Outbound Rules at the top of the List. ]

                Hopefully this will help lead you in the right direction.

                "Experience is something you don't get until just after you need it."

                Website: http://pfBlockerNG.com
                Twitter: @BBcan177  #pfBlockerNG
                Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                1 Reply Last reply Reply Quote 0
                • W
                  waldopulanco
                  last edited by

                  @BBcan17:

                  Hi waldopulanco,

                  [ 1 ]

                  Leave WAN1 as is, and delete the WAN2 interface settings.

                  [ 2 ]

                  WAN2 will use the WAN1 interface but we need to define WAN2 as an "alias" as it will be using the same WAN gateway.

                  goto Firewall:Virtual IPs, and add a "IP Alias", Interface WAN, using the static IP address for WAN2 (/32) add a description. Save.

                  So basically it will use the same Interface for both Wan1 and Wan2. You dont need to configure anymore settings for WAN2.

                  [ 3 ]

                  In Firewall:NAT the default settings is automatic.

                  Port Forward (Inbound settings)
                  Outbound (outbound settings)

                  In Port Forward, add port forwards for WAN2,

                  You need to create inbound (port forward) rules so that any inbound on WAN2 will be allowed to access a local web server, mail server etc.. If you don't have anything like that, you can leave out the port forwarding and only define the Outbound settings.

                  So I have a mail server using WAN2 which has a rule to forward SMTP to the local mail server on the LAN side. (This is just showing one rule, you can add rules for as you require)

                  Interface - WAN
                  Protocol - TCP
                  Destination Type - IP ALIAS that you defined above
                  Destination Port range = SMTP
                  Redirected Target IP  - Local Mail server lan address x.x.x.x /32
                  Redirected target Port - SMTP

                  For OutBound,

                  You need to change the MODE to "Manual".

                  It will populate it with the same settings that were there in Automatic mode. The default settings will work for WAN1 only. So only add rules for WAN2.
                  Normally you only need to add rules for WAN2 outbound.

                  So for my mail server going out, I add the following.

                  Interface - WAN
                  protocol - ANY
                  Source - Local Mail server lan address x.x.x.x /32
                  Translation Address - Select "IP Alias" as defined above.

                  Add a description.

                  (This is just one rule, you can define others as you require)

                  UPDATE:
                  [ [u]ORDER of Rules is important, make sure you have the WAN2 Outbound Rules at the top of the List. ]

                  Hopefully this will help lead you in the right direction.

                  thanks you so much! how about in gateway for wan2? If I want to select my wan2 gateway in firewall rules: lan? because wan1 is for browsing, streaming and downloading, and wan2 is for online games..

                  1 Reply Last reply Reply Quote 0
                  • BBcan177B
                    BBcan177 Moderator
                    last edited by

                    @waldopulanco:

                    thanks you so much! how about in gateway for wan2? If I want to select my wan2 gateway in firewall rules: lan? because wan1 is for browsing, streaming and downloading, and wan2 is for online games..

                    You don't need to set a WAN2 Gateway as it is using the same gateway as WAN1.

                    You need to configure the OUTBOUND NAT for the IP address of the LAN computer that you use for gaming, and add the PORTS to the NAT Rule so that when pfSense sees the Lan address going out a certain port, it will use the WAN2 address.

                    You might need to add Port Forwards (Inbound) depending on the Game application.

                    You don't need to edit the Firewall Rules for that.

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    1 Reply Last reply Reply Quote 0
                    • W
                      waldopulanco
                      last edited by

                      @BBcan17:

                      @waldopulanco:

                      thanks you so much! how about in gateway for wan2? If I want to select my wan2 gateway in firewall rules: lan? because wan1 is for browsing, streaming and downloading, and wan2 is for online games..

                      You don't need to set a WAN2 Gateway as it is using the same gateway as WAN1.

                      You need to configure the OUTBOUND NAT for the IP address of the LAN computer that you use for gaming, and add the PORTS to the NAT Rule so that when pfSense sees the Lan address going out a certain port, it will use the WAN2 address.

                      You might need to add Port Forwards (Inbound) depending on the Game application.

                      You don't need to edit the Firewall Rules for that.

                      Thanks! I will try it!!

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.