Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multi-WAN on single interface

    Scheduled Pinned Locked Moved Routing and Multi WAN
    13 Posts 3 Posters 5.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lale
      last edited by

      Hi all,

      i'm going to configure a pfSense fw in this scenario:

      • 1 DSL line with 8-IPs static&public;
      • 1 DSL line with 8-IPs static&public;
      • DMZ;
      • LAN;
      • WIFI LAN;

      I would implement load-balancing with DSL lines but…is it possible to connect both public subnet to 1 ethernet interface (think using VIP) and implement load-balancing?

      Thanks,

      lale

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        http://forum.pfsense.org/index.php/topic,9422.0.html

        Are you using DSL-modem-routers?
        Or do you intend to perform the PPPoE authentication on pfSense itself?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • L
          lale
          last edited by

          Thanks for fast reply!!!

          yes i use two DSL-modem-router and don't need authentication on pfSense.

          But…before trying to understand all that code....i'think to understand that it isn't possible do this without modding pfSense code, right?

          Thanks

          lale

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Read the whole thread.
            You dont need to modify any code.

            You just have to edit the config.xml

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • L
              lale
              last edited by

              Ok, thanks i read the whole thread.

              One more question, i have router in two different public subnet while in the sample routers are in the same local IPs subnet. Can i use this method anyway?

              Thanks

              lale

              1 Reply Last reply Reply Quote 0
              • GruensFroeschliG
                GruensFroeschli
                last edited by

                What exactly do you mean your routers are in a different public subnet?
                Can you make a diagram?

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                1 Reply Last reply Reply Quote 0
                • L
                  lale
                  last edited by

                  INTERNET DSL/ROUTER1 (RFC 1483 routed) (85.37…../29)pfSense________LAN
                        |                                                                                                |  |       
                        |
                  DSL/ROUTER2 (RFC 1483 routed)
                  (82.89...../29)
                  _____|  |___DMZ

                  Hope it's readable :-)

                  1 Reply Last reply Reply Quote 0
                  • GruensFroeschliG
                    GruensFroeschli
                    last edited by

                    I dont really understand how much your dsl/router does.

                    Is it a half bridge? It does the authentication but you configure all IPs out of you /29 subnets manually?

                    Or do you have an IP on the modem-WAN and an IP out of the /29 subnet on the modem-LAN side, and you put as gateway the modem-LAN IP?

                    Or do you have all the /29 IP's on the modem-WAN side and you NAT them into a private subnet? (you would have private IP's in front of pfSense)

                    Hmmm.
                    I'm not so sure if this even is possible with multiple different subnets on WAN.
                    The problem is, that you can define a PARP VIP on the WAN interface for the second subnet, but i dont think pfSense itself can use it to route traffic.

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    1 Reply Last reply Reply Quote 0
                    • L
                      lale
                      last edited by

                      Ok try to explain, on EACH  DSL/MODEM/ROUTER:

                      • on the internet side (MODEM side) i have 1 public static IP;
                      • on the public LAN side (pfSense side) i have a /29 static public IPs subnet, 1 of those IP is assigned to the ROUTER another 1 to pfSense; other IPs of the subnet are set on pfSense as VIP and DNAT to local IP of server in the DMZ;
                      • the provider route all IP of each /29 subnet to the external IP of the MODEM/ROUTER, the modem route those to the public LAN (pfSense side);
                      • i have two lines and so two different /29 subnet.

                      Hope this explains. Actually i have an old Astaro fw that do this with one line, i would change with a new pfSense fw with two lines.

                      Thanks again

                      1 Reply Last reply Reply Quote 0
                      • L
                        lale
                        last edited by

                        Doesn't explains?  ;D

                        1 Reply Last reply Reply Quote 0
                        • GruensFroeschliG
                          GruensFroeschli
                          last edited by

                          I think you need two separate interfaces for the WAN's.
                          Or a VLAN capable switch.

                          We do what we must, because we can.

                          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                          1 Reply Last reply Reply Quote 0
                          • L
                            lale
                            last edited by

                            Ok thanks

                            1 Reply Last reply Reply Quote 0
                            • B
                              BlueReef
                              last edited by

                              @GruensFroeschli:

                              Read the whole thread.
                              You dont need to modify any code.

                              You just have to edit the config.xml

                              i have edit the config.xml. But it keep using the WAN gateway, that i set on : interface/WAN/gateway

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.