A few problems on my - maybe strange - setup.



  • Hello,

    first an image of my current setup:

    This is basically working for everything - all clients can use both WANs, also Port Forwarding, etc. is working.

    The Cisco and FritzBox are configured as routers, with disabled DHCP (which is handled by pfSense). The pfSense box is also configured as DMZ in both WAN routers.

    The basic reasons/goals for this setup are:

    1. Make use of both integrated GbE switches, with only one cable to the pfSense box (so I don't need an additional switch).
    2. Be able to use the 802.11a/b/g/n/ac WLAN provided by the FritzBox.

    There are currently a few problems however:

    1. If I configure pfSense to load balance both WAN routers, after about 5 minutes the connection through the other subnet breaks up, and works again after 5 minutes or so, rinse and repeat. I cannot see any obvious reason for this behavior (Edit: Gateways are not down at the time).
    2. UPnP port forwarding is only configurable for one of the subnets.

    Is there any other setup which would work better? Something with VLANs maybe (I don't know how the integrated switches behave, though)? I also had both WAN routers running in the same subnet, with a bridged connection in pfSense, but the load balancing had problems as well, plus I also had problems with rules based on interfaces. The pfSense box has 4 GbE ports, but again I would like to use only one cable to the WAN routers, and no additional switch, if possible.

    Thanks and Regards,
    BoMbY


  • Rebel Alliance Global Moderator

    This setup looks pointless to me. Clients could just point to the Fritz or Cisco directly and completely bypass pfSense. So you're hairpinning all your connections in and out of pfSense WAN interfaces (they have gateways on them).

    Why don't you put your Fritz and Cisco in bridge mode and put your public IPs on pfSense WAN interfaces? Or worst case double NAT, and create your segments as LANs on pfSense.

    As to using switches - you do understand you can pick up a gig switch for as little as $20?



  • 1. I have a GBit switch, but I could save the power (you know, power bills, climate, and so on).
    2. It doesn't exactly matter what the clients on the subnets do; the point is only to have the option for failover and load distribution. Besides, I'm basically in full control of who has access.
    3. I don't think the Fritz can be put into bridged mode, and I couldn't really use the WLAN this way (I would need another WLAN router, again using more power than necessary).
    4. Yeah, I could also simply use only one of the WANs, but that also isn't the plan …


  • Rebel Alliance Global Moderator

    1. Yeah, because switches use what, like 5 watts at most?? My fully managed SG300-10 (8 + 2 combo ports, so 10 copper gig ports) uses in the worst case scenario 10 watts. Your off-the-shelf dumb switches are prob more like 2 watts. I looked up a $20 gig switch, the TL-SG1005D; according to the specs max consumption is 3 W.

    Most switches these days are green, and turn off power to ports that are not in use, etc.

    I would never set up a network like that, and I'm not going to help with what to me is a broken setup. For one, you're hairpinning, which to me is broken right out of the gate. Maybe someone else likes to work with nonsense.



  • Yeah well, you are not exactly helpful or welcoming. So, thanks for nothing.


  • Rebel Alliance Global Moderator

    Because you don't like getting told your setup is broken... If you ask me, that is the best help you could ever get! You're welcome!!

    You asked:
    "Is there any other setup which would work better?"

    Yes, there is!! I told you how to do it, but I guess that is not what you wanted to hear - so why did you ask if there was a better way to do it?

    "Why don't you put your Fritz and Cisco in bridge mode and put your public IPs on pfSense WAN interfaces? Or worst case double NAT, and create your segments as LANs on pfSense."



  • You either need more physical interfaces on your pfSense or need to start using VLANs (which require your routers/modems to be able to deal with them – unlikely).
    So it's like johnpoz said: don't try to work around a broken design; start from scratch and do it properly.

    Also, a 10 W switch would cost you around $20/year (if you can afford 2 ISPs for a home network, then I don't think the additional $2/month will make a difference).