Multi WAN with same gateway is it possible?



  • Hi! I have two ISPs but the same gateway. Is it possible to set up the same gateway on WAN1 and WAN2? When WAN1 and WAN2 are set to DHCP it works, but when I select static and set a gateway it is not accepted. I have read all the posts here in the forum but I don't know how to configure it. My pfSense version is 2.1.3.

    thanks in advance!!



  • Multi-WAN with the same gateway is ONLY possible when using PPPoE.

    Any other scenario will not work. It might look like it "works" when using DHCP … in reality it does not work; only 1 of the WANs is actually working.
    The underlying OS does not support multiple routes to the same gateway at this time.

    So, for now, the only solution is to put a cheap NAT router in between 1 of the WAN connections to circumvent the problem.



  • @heper:

    Multi-WAN with the same gateway is ONLY possible when using PPPoE.

    Any other scenario will not work. It might look like it "works" when using DHCP … in reality it does not work; only 1 of the WANs is actually working.
    The underlying OS does not support multiple routes to the same gateway at this time.

    So, for now, the only solution is to put a cheap NAT router in between 1 of the WAN connections to circumvent the problem.

    Thank you for your good reply! I really need to buy another router and put it on either WAN1 or WAN2; in this way the gateway for WAN2 is a router and the gateway for WAN1 is direct from my ISP!

    Thank you so much!!

    regards
    WALDO


  • Moderator

    You could also configure the second WAN interface as a virtual IP and set a Manual NAT configuration to get two WANs to work that are on the same WAN gateway.

    https://forum.pfsense.org/index.php?topic=64682.msg375641#msg375641



  • @BBcan17:

    You could also configure the second WAN interface as a virtual IP and set a Manual NAT configuration to get two WANs to work that are on the same WAN gateway.

    https://forum.pfsense.org/index.php?topic=64682.msg375641#msg375641

    Thanks! But I don't understand this:

    Add within Firewall => Virtual IP an IP Alias for additional IPs/networks
    Activate different public IP settings by deactivating automatic Outbound NAT
    in Firewall => NAT => Outbound NAT
    You can clear a lot of unnecessary Outbound NAT rules but don't forget to have at least 1 outbound NAT which matches your LANs to your default public IP.
    Then you can add before this rule your explicit server outbound NAT rule to use the other public IP (in interface list you can select IP Aliases, CARP IPs and Host Aliases from Firewall Aliases)

    Where can I create this "Add within Firewall => Virtual IP an IP Alias for additional IPs/networks"?

    On Firewall: Virtual IP Address: what type, IP Alias, CARP, Proxy ARP or Other?
    Interface: WAN1, WAN2 or LAN?
    IP Address(es): what IP?

    How about in "Firewall: NAT: Outbound"?
    Here is my setting: "WAN1  192.168.2.0/24 * * * WAN1 address * NO"

    And how to configure this: "Then you can add before this rule your explicit server outbound NAT rule to use the other public IP (in interface list you can select IP Aliases, CARP IPs and Host Aliases from Firewall Aliases)"

    Sorry, I am a newbie. Please, step by step..

    thanks!!


  • Moderator

    Hi waldopulanco,

    [ 1 ]

    Leave WAN1 as is, and delete the WAN2 interface settings.

    [ 2 ]

    WAN2 will use the WAN1 interface but we need to define WAN2 as an "alias" as it will be using the same WAN gateway.

    Go to Firewall:Virtual IPs, and add an "IP Alias", Interface WAN, using the static IP address for WAN2 (/32). Add a description. Save.

    So basically it will use the same interface for both WAN1 and WAN2. You don't need to configure any more settings for WAN2.

    [ 3 ]

    In Firewall:NAT the default setting is automatic.

    Port Forward (Inbound settings)
    Outbound (outbound settings)

    In Port Forward, add port forwards for WAN2,

    You need to create inbound (port forward) rules so that any inbound on WAN2 will be allowed to access a local web server, mail server etc.. If you don't have anything like that, you can leave out the port forwarding and only define the Outbound settings.

    So I have a mail server using WAN2 which has a rule to forward SMTP to the local mail server on the LAN side. (This is just showing one rule, you can add rules as you require)

    Interface - WAN
    Protocol - TCP
    Destination Type - IP ALIAS that you defined above
    Destination Port range = SMTP
    Redirected Target IP  - Local Mail server lan address x.x.x.x /32
    Redirected target Port - SMTP

    For OutBound,

    You need to change the MODE to "Manual".

    It will populate it with the same settings that were there in Automatic mode. The default settings will work for WAN1 only. So only add rules for WAN2.
    Normally you only need to add rules for WAN2 outbound.

    So for my mail server going out, I add the following.

    Interface - WAN
    protocol - ANY
    Source - Local Mail server lan address x.x.x.x /32
    Translation Address - Select "IP Alias" as defined above.

    Add a description.

    (This is just one rule, you can define others as you require)

    UPDATE:
    [ ORDER of Rules is important, make sure you have the WAN2 Outbound Rules at the top of the List. ]

    Hopefully this will help lead you in the right direction.



  • @BBcan17:

    Hi waldopulanco,

    [ 1 ]

    Leave WAN1 as is, and delete the WAN2 interface settings.

    [ 2 ]

    WAN2 will use the WAN1 interface but we need to define WAN2 as an "alias" as it will be using the same WAN gateway.

    Go to Firewall:Virtual IPs, and add an "IP Alias", Interface WAN, using the static IP address for WAN2 (/32). Add a description. Save.

    So basically it will use the same interface for both WAN1 and WAN2. You don't need to configure any more settings for WAN2.

    [ 3 ]

    In Firewall:NAT the default setting is automatic.

    Port Forward (Inbound settings)
    Outbound (outbound settings)

    In Port Forward, add port forwards for WAN2,

    You need to create inbound (port forward) rules so that any inbound on WAN2 will be allowed to access a local web server, mail server etc.. If you don't have anything like that, you can leave out the port forwarding and only define the Outbound settings.

    So I have a mail server using WAN2 which has a rule to forward SMTP to the local mail server on the LAN side. (This is just showing one rule, you can add rules as you require)

    Interface - WAN
    Protocol - TCP
    Destination Type - IP ALIAS that you defined above
    Destination Port range = SMTP
    Redirected Target IP  - Local Mail server lan address x.x.x.x /32
    Redirected target Port - SMTP

    For OutBound,

    You need to change the MODE to "Manual".

    It will populate it with the same settings that were there in Automatic mode. The default settings will work for WAN1 only. So only add rules for WAN2.
    Normally you only need to add rules for WAN2 outbound.

    So for my mail server going out, I add the following.

    Interface - WAN
    protocol - ANY
    Source - Local Mail server lan address x.x.x.x /32
    Translation Address - Select "IP Alias" as defined above.

    Add a description.

    (This is just one rule, you can define others as you require)

    UPDATE:
    [ ORDER of Rules is important, make sure you have the WAN2 Outbound Rules at the top of the List. ]

    Hopefully this will help lead you in the right direction.

    Thank you so much! How about the gateway for WAN2? If I want to select my WAN2 gateway in Firewall Rules: LAN? Because WAN1 is for browsing, streaming and downloading, and WAN2 is for online games..


  • Moderator

    @waldopulanco:

    Thank you so much! How about the gateway for WAN2? If I want to select my WAN2 gateway in Firewall Rules: LAN? Because WAN1 is for browsing, streaming and downloading, and WAN2 is for online games..

    You don't need to set a WAN2 Gateway as it is using the same gateway as WAN1.

    You need to configure the OUTBOUND NAT for the IP address of the LAN computer that you use for gaming, and add the PORTS to the NAT Rule so that when pfSense sees the LAN address going out a certain port, it will use the WAN2 address.

    You might need to add Port Forwards (Inbound) depending on the Game application.

    You don't need to edit the Firewall Rules for that.
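
An added example, not part of the original posts and not pfSense's own code: a simplified first-match model of the manual outbound NAT list described in this thread. It shows which address a LAN host leaves from, and which rules are never reached when the catch-all LAN rule sits above the WAN2 rules. The 203.0.113.x addresses, the host addresses, the game port and all names are constructed for illustration; top-to-bottom first-match evaluation is the model's assumption.

```python
import ipaddress
from dataclasses import dataclass

WAN1, WAN2 = "203.0.113.10", "203.0.113.11"   # constructed: WAN1 address, WAN2 IP alias

@dataclass(frozen=True)
class NatRule:
    source: str                         # source network in CIDR form
    translation: str                    # address the source is rewritten to
    dst_ports: frozenset = frozenset()  # empty set means any destination port
    descr: str = ""

    def matches(self, src_ip, dst_port):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        return in_net and (not self.dst_ports or dst_port in self.dst_ports)

    def covers(self, other):
        """True when every packet matching `other` also matches this rule."""
        net_ok = ipaddress.ip_network(other.source).subnet_of(
            ipaddress.ip_network(self.source))
        ports_ok = not self.dst_ports or (
            bool(other.dst_ports) and other.dst_ports <= self.dst_ports)
        return net_ok and ports_ok

def translate(rules, src_ip, dst_port):
    """Return the translation address of the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.translation
    return None  # no rule matched: the traffic is not translated

def shadowed(rules):
    """Descriptions of rules that can never match because an earlier rule covers them."""
    return [later.descr for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]

# Constructed rule set: LAN from the thread, hypothetical mail and gaming hosts.
MAIL = NatRule("192.168.2.25/32", WAN2, descr="mail server via WAN2 alias")
GAME = NatRule("192.168.2.50/32", WAN2, frozenset({27015}), "game port via WAN2 alias")
LAN = NatRule("192.168.2.0/24", WAN1, descr="LAN via WAN1 address")

GOOD_ORDER = [MAIL, GAME, LAN]   # WAN2 rules at the top, as the post advises
BAD_ORDER = [LAN, MAIL, GAME]    # catch-all first: WAN2 rules are never reached

if __name__ == "__main__":
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, translate(rules, "192.168.2.25", 25), shadowed(rules))
```

Running `shadowed()` over an exported rule list is a quick audit for a server that is unintentionally sending traffic from the default WAN address.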



  • @BBcan17:

    @waldopulanco:

    Thank you so much! How about the gateway for WAN2? If I want to select my WAN2 gateway in Firewall Rules: LAN? Because WAN1 is for browsing, streaming and downloading, and WAN2 is for online games..

    You don't need to set a WAN2 Gateway as it is using the same gateway as WAN1.

    You need to configure the OUTBOUND NAT for the IP address of the LAN computer that you use for gaming, and add the PORTS to the NAT Rule so that when pfSense sees the LAN address going out a certain port, it will use the WAN2 address.

    You might need to add Port Forwards (Inbound) depending on the Game application.

    You don't need to edit the Firewall Rules for that.

    Thanks! I will try it!!

