Netgate Discussion Forum

    5WAN –> 5 LAN

    Routing and Multi WAN

    • mattiasn

      Hey!

      I am a newbie on pfSense.

      It is so that we have two solid fiber lines at 100/100, and for these we have bought 25 IP addresses.
      I have installed pfSense on a physical server with five 1 Gb/s Ethernet cards, and we now want to give some customers in our house internet where they get their own fixed IP.

      My idea is that customers get a personal firewall supplied by us, which is configured in advance with one of these 25 addresses that we own.
      What I want to do with pfSense is to control the speed, ensure that they do not download from torrent sites, and shut down those who do not pay.

      I have Googled but cannot find a solution for this setup!

      • mattiasn

        I have fixed a neat drawing so that everyone understands what solution I'm looking for  :o ;D

        ![PfSense lösning.png](/public/imported_attachments/1/PfSense lösning.png)

        • mattiasn

          So no one can help me with my problem?

          • doktornotor

            I do not think you want 5 LANs. You want one LAN with public IP range on it, assigned to the customer routers via DHCP. No idea what you want to do with those WANs (load balancing, failover, policy routing…)

            • mattiasn

              @doktornotor:

              I do not think you want 5 LANs. You want one LAN with public IP range on it, assigned to the customer routers via DHCP. No idea what you want to do with those WANs (load balancing, failover, policy routing…)

              I want different LAN addresses depending on the customer.
              Then I want each "Customer" to have its own WAN address, and one of these will be our own.

              • phil.davis

                You could set up each customer device on their own VLAN off your pfSense, then port forward everything on 1 of the public IP addresses to the internal address of the customer device. That way the customer device sees whatever comes on that public IP. Or you could even give the customers a whole subnet on a VLAN and just let them use it, if you are happy to receive requests from the customers for you to forward certain ports to certain IP addresses in their VLAN subnet…

                Then use a limiter on that VLAN to restrict the up/down speed to whatever the customer pays for.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                • mattiasn

                  @phil.davis:

                  You could set up each customer device on their own VLAN off your pfSense, then port forward everything on 1 of the public IP addresses to the internal address of the customer device. That way the customer device sees whatever comes on that public IP. Or you could even give the customers a whole subnet on a VLAN and just let them use it, if you are happy to receive requests from the customers for you to forward certain ports to certain IP addresses in their VLAN subnet…

                  Then use a limiter on that VLAN to restrict the up/down speed to whatever the customer pays for.

                  Hello!

                  Thank you for a good answer. How do I do this installation / setup?
                  As I said earlier, I am new to the system and know almost nothing about pfSense.

                  • phil.davis

                    If you need to know almost everything from the start, then I suggest you buy the Gold membership and that will get you the draft 2.* book plus access to monthly hangouts - that will help you educate yourself. Since you have customers that pay something, it also seems reasonable to contribute something financial. This way you learn and the project gets funding also.
                    Some clues:

                    1. VLANs - Interfaces->(assign), VLANs tab, add VLANs to the interface you are using for that.
                    2. Put rule/s on each VLAN to pass all traffic (I am assuming you are letting the clients do whatever they want from their end)
                    3. Firewall->NAT, 1:1, add an entry for each client external = public IP they get, internal = the internal private IP that will receive the forwarded traffic.
                    4. Firewall->Traffic Shaper, Limiter tab - add 2 limiters for each client - 1 to use for Down and 1 to use for Up, give them some naming you understand.
                    5. In the rule/s on the client VLAN interface, Advanced section, choose the appropriate limiters.


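Steps 1 to 5 in the post above imply one table row per client: a VLAN, an internal subnet, a 1:1 NAT pair and two limiters. The following is an added example, not code from the thread's posters or the pfSense project, that builds such a table and checks that no client shares a VLAN, subnet or public IP with another before the values are entered in the GUI. The address ranges, VLAN numbering, /29 sizing and limiter naming are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation/private ranges), not from the thread.
PUBLIC_POOL = list(ipaddress.ip_network("203.0.113.0/27").hosts())[:25]
INTERNAL_SUPERNET = ipaddress.ip_network("10.50.0.0/16")
FIRST_VLAN = 100

@dataclass(frozen=True)
class ClientPlan:
    name: str
    vlan: int                          # step 1: VLAN ID
    subnet: ipaddress.IPv4Network      # subnet on that VLAN
    gateway: ipaddress.IPv4Address     # pfSense address on the VLAN interface
    internal: ipaddress.IPv4Address    # step 3: 1:1 NAT internal (customer firewall)
    external: ipaddress.IPv4Address    # step 3: 1:1 NAT external (public IP)
    limiter_down: str                  # step 4: one limiter per direction
    limiter_up: str
    mbit_down: int
    mbit_up: int

def build_plan(clients, reserved=1):
    """clients: list of (name, mbit_down, mbit_up). The first `reserved`
    public addresses stay with the operator and are never mapped."""
    names = [c[0] for c in clients]
    if len(set(names)) != len(names):
        raise ValueError("duplicate client name")
    free = PUBLIC_POOL[reserved:]
    if len(clients) > len(free):
        raise ValueError("more clients than public addresses")
    subnets = INTERNAL_SUPERNET.subnets(new_prefix=29)
    plan = []
    for i, (name, down, up) in enumerate(clients):
        if down <= 0 or up <= 0:
            raise ValueError(f"{name}: bandwidth must be positive")
        net = next(subnets)
        hosts = list(net.hosts())
        plan.append(ClientPlan(name, FIRST_VLAN + i, net, hosts[0], hosts[1],
                               free[i], f"{name}_down", f"{name}_up", down, up))
    return plan

def check_isolation(plan):
    """True when no VLAN ID, subnet or public IP is shared between clients."""
    ids = {p.vlan for p in plan}
    ext = {p.external for p in plan}
    overlap = any(a.subnet.overlaps(b.subnet)
                  for i, a in enumerate(plan) for b in plan[i + 1:])
    return len(ids) == len(plan) and len(ext) == len(plan) and not overlap
```
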
                    • maldex

                      hm, this is more an architectural question than a technical one. if you go for one firewall with all 5 networks and alias interfaces and nat-ing, you get it all in one place, but are also creating a single-point-of-failure (that can also fail upon mis-configuration)

                      on the other hand, virtualization with vmware or similar has become quite stable, why not run 5 pfsense installations in parallel? just hook all WAN-if's into the fiber, and then lan-patch-up your customer with or without vlan's, that depends on how the cabling can be done on-site. bandwidth-mgmt then becomes a bit tricky, but getting-started is much easier, especially if you're new to these technologies. when you're settled you still can change the architecture later on and implement what you learned.

                      going gold is platinum!

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.