Multi-WAN on single interface

  • Hi all,

    i'm going to configure a pfSense fw in this scenario:

    • 1 DSL line with 8-IPs static&public;
    • 1 DSL line with 8-IPs static&public;
    • DMZ;
    • LAN;
    • WIFI LAN;

    I would implement load-balancing with DSL lines but…is it possible to connect both public subnet to 1 ethernet interface (think using VIP) and implement load-balancing?




    Are you using DSL-modem-routers?
    Or do you intend to perform the PPPoE authentication on pfSense itself?

  • Thanks for fast reply!!!

    yes i use two DSL-modem-router and don't need authentication on pfSense.

    But…before trying to understand all that code....i'think to understand that it isn't possible do this without modding pfSense code, right?



  • Read the whole thread.
    You dont need to modify any code.

    You just have to edit the config.xml

  • Ok, thanks i read the whole thread.

    One more question, i have router in two different public subnet while in the sample routers are in the same local IPs subnet. Can i use this method anyway?



  • What exactly do you mean your routers are in a different public subnet?
    Can you make a diagram?

  • INTERNET DSL/ROUTER1 (RFC 1483 routed) (85.37…../29)pfSense________LAN
          |                                                                                                |  |       
    DSL/ROUTER2 (RFC 1483 routed)
    _____|  |___DMZ

    Hope it's readable :-)

  • I dont really understand how much your dsl/router does.

    Is it a half bridge? It does the authentication but you configure all IPs out of you /29 subnets manually?

    Or do you have an IP on the modem-WAN and an IP out of the /29 subnet on the modem-LAN side, and you put as gateway the modem-LAN IP?

    Or do you have all the /29 IP's on the modem-WAN side and you NAT them into a private subnet? (you would have private IP's in front of pfSense)

    I'm not so sure if this even is possible with multiple different subnets on WAN.
    The problem is, that you can define a PARP VIP on the WAN interface for the second subnet, but i dont think pfSense itself can use it to route traffic.

  • Ok try to explain, on EACH  DSL/MODEM/ROUTER:

    • on the internet side (MODEM side) i have 1 public static IP;
    • on the public LAN side (pfSense side) i have a /29 static public IPs subnet, 1 of those IP is assigned to the ROUTER another 1 to pfSense; other IPs of the subnet are set on pfSense as VIP and DNAT to local IP of server in the DMZ;
    • the provider route all IP of each /29 subnet to the external IP of the MODEM/ROUTER, the modem route those to the public LAN (pfSense side);
    • i have two lines and so two different /29 subnet.

    Hope this explains. Actually i have an old Astaro fw that do this with one line, i would change with a new pfSense fw with two lines.

    Thanks again

  • Doesn't explains?  ;D

  • I think you need two separate interfaces for the WAN's.
    Or a VLAN capable switch.

  • Ok thanks

  • @GruensFroeschli:

    Read the whole thread.
    You dont need to modify any code.

    You just have to edit the config.xml

    i have edit the config.xml. But it keep using the WAN gateway, that i set on : interface/WAN/gateway

Log in to reply