Dual WAN, adding OPT2 for wireless/dual LAN?

  • I've got a working dual wan -> one lan setup with pfsense.

    I'd like to add an OPT2 interface, and string a linksys wireless router to that, and have wireless clients on a separate subnet, but accessing the net through the pfsense loadbalance

    currently, the dsl modem is acting as wireless access point, which is in front of pfsense on my network and thus can't take advantage of loadbalance or services on pfsense.  In the diagram below wireless clients are currently on 192.168.2.x and not affected by pfsense

    so I created the OPT2, plugged in the linksys.. it wants to NAT yet another subnet behind it, too.  devices are assigned IP's by the linksys when connected but can't get out to the internet.  I'm not sure what kind of rules or NAT setup on pfsense I'll need to setup OPT2 to get online but firewalled off the LAN

    WAN CABLE DHCP             LAN
                  \           /
                   - PFSENSE -
                  /           \
    OPT1 DSL                   OPT2 --- Linksys AP  ~ ~ ~ 192.168.3.x wireless clients

    the only rule I've currently made is to PASS TCP source *  dest *  on OPT2, gateway LoadBalance

    but that didn't allow internet access from a pc plugged into the linksys

  • and I suppose the proper method is to slap a wireless card in the pfsense box, but pfsense is on specialized hardware and that's not possible at the moment, so I decided to instead string a linksys wireless access point off a spare pfsense ethernet port

  • @Perry:


    I'm not sure I follow.. that looks like he's pointing all traffic to a specific WAN, I'd like my OPT2 traffic to get loadbalanced

    I guess I need some static routes and firewall rules but I'm not quite sure exactly how to set them yet.. I tried following your linked post, but changing it to 'load balance' but I dunno, this is what I have for now
    also no static routes yet..  when I click add, it looks like it wants a network address  /32  what do I put there for a single IP (isp's dns server ip)
    I guess I need one static route for WAN's dns and one for OPT1's dns for loadbalancing to work?

  • ok per this post

    I changed it so instead of pfsense plugged into linksys's external port, I've plugged it into just a regular switch port and enabled DHCP on OPT2.  machines plugged into linksys switch ports (and I assume wireless clients, haven't tested yet) get IP's in 192.168.3.x from pfsense but can't access internet

  • That first rule on your opt2-interface doesn't make sense at all. Delete it.

    It is used to get to the DNS Forwarder, though the gateway prolly should be *

    In a multiwan setup where you have more than 1 lan interface and need loadbalance or wan2 access, it, combined with static routes, is needed to resolve DNS.

  • Yep the gateway is wrong in that rule. Sorry, not enough sleep tonight  ;)

  • thanks.. changed the rules to have gateway * and added static routes to WAN and OPT1 DNS servers and I can get online now from OPT2 subnet, through WAN only of course.. going to fiddle with it and see if I can get OPT2 to use the LoadBalance instead of only WAN
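
One way to lay out the OPT2 rules discussed in this thread, modelled as an added example (not code from the thread or from pfSense): a first-match evaluator comparing the TCP-only LoadBalance rule with a DNS rule on gateway *, a LAN block, and a balanced pass. The LAN subnet, the pfSense OPT2 address, the rule names and the routing behaviour encoded in `evaluate` are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing: only 192.168.3.x (OPT2) appears in the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet
FW_OPT2 = ipaddress.ip_address("192.168.3.1")     # assumed pfSense OPT2 address
FW_HOST = ipaddress.ip_network("192.168.3.1/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "any"
    dst: ipaddress.IPv4Network
    port: Optional[int]   # None matches any port
    gateway: str          # "default" is the GUI's "*", else a gateway or pool name

def evaluate(rules, proto, dst, port):
    """Return (action, gateway) of the first matching rule; no match is a block."""
    dst = ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("any", proto) or dst not in r.dst:
            continue
        if r.port is not None and r.port != port:
            continue
        if r.action == "block":
            return ("block", None)
        # Model assumption: a named gateway policy-routes the packet out a WAN,
        # so traffic addressed to the firewall itself never reaches its services.
        if r.gateway != "default" and dst == FW_OPT2:
            return ("pass", "misrouted:" + r.gateway)
        return ("pass", r.gateway)
    return ("block", None)

# The thread's first attempt: PASS TCP, source *, dest *, gateway LoadBalance.
ORIGINAL = [Rule("pass", "tcp", ANY, None, "LoadBalance")]

# Order matters: DNS to the forwarder, then the LAN block, then the balanced pass.
CORRECTED = [
    Rule("pass", "any", FW_HOST, 53, "default"),
    Rule("block", "any", LAN_NET, None, "default"),
    Rule("pass", "any", ANY, None, "LoadBalance"),
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        for pkt in (("udp", "192.168.3.1", 53), ("tcp", "192.168.1.10", 445),
                    ("tcp", "203.0.113.10", 443)):
            print(name, pkt, "->", evaluate(rules, *pkt))
```

In the model, the original rule drops UDP DNS to the forwarder and lets OPT2 clients reach the LAN, while the corrected order resolves DNS locally, blocks the LAN and balances everything else.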

