Split ports from LAN to multiWAN



  • Hi,
    I am trying to learn pfSense and haven't decided whether or not to use it.
    Basically, my small environment has 2 ADSL lines from 2 different service providers and one VMware 5.5 server that has multiple virtual servers. The first ADSL line has a modem and its internet connection is working fine. The first line's subnet is 192.168.15.0/24. It is connected to a switch and all clients connect to that switch. Basically, it has been working for a long time.
    I recently got a second ADSL line. The main purpose of getting this line is separating services across multiWAN. For example, the VOIP connection must use the second ADSL line and the rest of the traffic must go to the first ADSL line. The second line has been connected and I tested it. It has the 10.0.0.0/24 network. The network cable from this ADSL modem does not go to the switch; it is connected directly to one of the network ports of the physical server.
    I have installed pfSense as a virtual machine and added 2 vNIC cards. One connects to the LAN switch (192.168.15.0) and this network has the 192.168.15.1 gateway (ADSL modem); the second vNIC connects to the second ADSL line and its gateway IP is 10.0.0.1.
    So, pfSense found the 2 cards and I manually gave static IP addresses to those ports: 192.168.15.50 and 10.0.0.50. The ports seem to be up in pfSense. They are online. I also created 2 upstream IPs for those LAN and WAN interfaces in pfSense; the upstreams are the gateway IPs of the 2 ADSL modems (192.168.15.1 and 10.0.0.1).
    I also chose LAN as the default gateway.
    What I want is that traffic from 192.168.15.0/24, UDP port between 4000-65535, to my VOIP provider's external IP range must use the second ADSL line (10.0.0.0/24), and all other traffic (email, http, https, etc.) must use the first ADSL line (192.168.15.0/24).

    I created a firewall rule: from LAN subnet, port range UDP 4000-65535, to the VOIP company IP range destination and any port, which must PASS and use gateway 10.0.0.50.
    The second rule is from my LAN to * with any port, default pass.

    My first question is: can I do what I want in pfSense? If so, what should I do?
    If you have any solutions, please give me detailed examples, because this is the first time I have used pfSense.
    Regards



  • Yes, it is possible.

    I think what you want to do is set up policy-based routing.  This will allow you to direct traffic to an interface based on a set of rules (policies), such as IP address, port, or protocol.

    Additionally, pfSense has advanced capabilities such as QoS (Quality of Service) that can prioritize one kind of traffic over another.  So you could eventually use both WAN ports as either a load-balanced pair or a failover pair, and ensure that your VOIP traffic has the highest protocol priority, and that would ensure the quality of those connections.

    It can do a lot, and you'll eventually see the value of some of these other features as you implement them.
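
An added example, not part of either post and not pfSense code: a small Python model of first-match policy routing using the subnets and modem gateway addresses from the question, plus a check for rules that an earlier rule hides. The names `Rule`, `select_gateway` and `shadowed` are hypothetical, `VOIP_RANGE` is a constructed placeholder, and the port range is applied to the source port as the rule in the question reads.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # source network
    sports: range   # source port range
    dst: str        # destination network
    proto: str      # "udp", "tcp" or "any"
    gateway: str    # upstream gateway the match is routed to

net = ipaddress.ip_network
ANY_PORT = range(0, 65536)
VOIP_RANGE = "203.0.113.0/24"  # constructed placeholder for the provider's range

# Values from the thread; gateways are the two modem addresses (assumption).
RULES = [
    Rule("voip-adsl2", "192.168.15.0/24", range(4000, 65536), VOIP_RANGE, "udp", "10.0.0.1"),
    Rule("default-adsl1", "192.168.15.0/24", ANY_PORT, "0.0.0.0/0", "any", "192.168.15.1"),
]

def select_gateway(rules, src, sport, dst, proto):
    """Return (rule name, gateway) of the first matching rule, top to bottom."""
    for r in rules:
        if (ipaddress.ip_address(src) in net(r.src) and sport in r.sports
                and ipaddress.ip_address(dst) in net(r.dst)
                and r.proto in ("any", proto)):
            return r.name, r.gateway
    return None, None  # nothing matched: no pass rule applies

def shadowed(rules):
    """Names of rules fully covered by an earlier rule, so they never match."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (net(later.src).subnet_of(net(earlier.src))
                    and net(later.dst).subnet_of(net(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and later.sports.start >= earlier.sports.start
                    and later.sports.stop <= earlier.sports.stop):
                hidden.append(later.name)
                break
    return hidden

if __name__ == "__main__":
    print(select_gateway(RULES, "192.168.15.20", 5060, "203.0.113.10", "udp"))
    print(shadowed(list(reversed(RULES))))
```

With the catch-all rule placed first, `shadowed` reports the VOIP rule as unreachable, which is why the more specific policy rule has to sit above the default pass rule.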