Access to the internet

lfreez

hi everyone firstly want to say I'm new to the forum and this is my first post. also please apologies for my bad English.

I need some advice.

want to know this scenario is possible to configure in pfsense

scenario -

I have 2 WAN connections
eg-  WAN 1 ( 4 Mbps)
      WAN 2 ( 4 Mbps)

I have 3 VLANs in my LAN
eg- VLAN 1 - Sales
      VLAN 2 - HR
      VLAN 3 - IT

so I want to configure -

users in VLAN 1 can access internet only through the WAN 1 ( 4 Mbps)
users in VLAN 2 can access internet only through the WAN 2 ( 4 Mbps)
users in VLAN 3 can access internet using both WAN 1 and WAN 2 with load balance ( 8 Mbps)

is this possible ??? please give me some advice

Thanks!!

lfreez

::)

KOM

Yes, you can do that with policy-based routing.  Use firewall rules to direct traffic from particular subnets or VLANS to specific WANs.  I can't provide specific guidance since I odn't have this configuration to play with.  Search these forums and online for policy-based routing info.

lfreez

@KOM:

Yes, you can do that with policy-based routing.  Use firewall rules to direct traffic from particular subnets or VLANS to specific WANs.  I can't provide specific guidance since I odn't have this configuration to play with.  Search these forums and online for policy-based routing info.

Thanks KOM I'll search that

Derelict

https://doc.pfsense.org/index.php/What_is_policy_routing

And you'll need this for traffic between your VLANs:

https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

KOM

That policy-based routing page is practically useless without some examples and I never link to it because of that.

Derelict

Oh well.  We have the documentation we have.

lfreez

hi everyone

I found some detail about policy-based routing and did some changes but It didn't work for me.

Now what I want to do is -

users is VLAN 1 (network 10.238.56.0) give access to internet through WAN1
users is VLAN 2 (network 10.238.59.0) give access to internet through WAN2

what I did in pfsense -

system–>gateways-->

1.create 2 gateways for my 2 WANs
2.create a gateway for my LAN
3.WAN1 is selected as default
4.routes added to my 2 networks
  10.238.56.0
  10.238.59.0
5.no gateway groups added

Firewall–> Rules-->LAN

1.added 2 rules for my 2 networks

Eg-  LAN 1
Action            - pass
Interface          - LAN
Protocol          - TCP
Source            - type    - network
                        address  - 10.238.56.0/24
destination      - type    - single host or alias/network/wan1 net/wan1 address/wan2 net/wan2 address
                        address  -
advance features –> Gateway - WAN1

Eg-  LAN 2 same as above

please can anyone tell me

1. what is the suitable for

destination - type  - single host or alias/network/wan1 net/wan1 address/wan2 net/wan2 address

2.is that need to add rules for WAN1 and WAN2 in Firewall--> Rules

Derelict

1. For internet access the destination should be any.

You should also be passing IPv4 any protocol, not just TCP.

2. You don't need any rules on WAN1 or WAN2 unless you want to pass connections FROM the internet INTO pfSense (you are running servers that internet users need to access).

lfreez

@Derelict:

1. For internet access the destination should be any.

You should also be passing IPv4 any protocol, not just TCP.

2. You don't need any rules on WAN1 or WAN2 unless you want to pass connections FROM the internet INTO pfSense (you are running servers that internet users need to access).

thanks Derelict for your quick response.. now I changed like you said but still both networks using same gateway for access to the internet

what about floating rules is that necessary??

Derelict

No.

Firewall–> Rules-->LAN

1.added 2 rules for my 2 networks

Eg-  LAN 1
Action            - pass
Interface          - LAN
Protocol          - TCP
Source            - type    - network
                        address  - 10.238.56.0/24
destination      - type    - single host or alias/network/wan1 net/wan1 address/wan2 net/wan2 address
                        address  -
advance features --> Gateway - WAN1

Eg-  LAN 2 same as above

Can you do screenshots of both Firewall > Rules pages for both LAN interfaces?  Both System > Routing > Gateways?

lfreez

yes I can

lfreez

here are that screenshots -

Derelict

Might be just me but those are mostly too low-resolution to read.

lfreez

sorry

KOM

What's LANGW, a gateway group?

lfreez

@KOM:

What's LANGW, a gateway group?

you mean….  System: Gateways --> LANGW

that is my LAN

Derelict

Yeah those images aren't any good either.  Just attach the images using the attachment tool in the forum posting form.  Works great.  Not sure why people insist on doing something else.

Derelict

Nope.  Still just thumbnails for me.  Dont have time to deal with why multiple browsers don't display postimg correctly.  Post them so people can see them.


Derelict

Not for me they're not.  Even after clearing cache 4 of 5 are still thumbnails.