Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Multi wan routing over multi ip addresses in the same block - possible?

    Routing and Multi WAN
    2
    8
    2510
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jsl last edited by

      Hi, excuse my ignorance and i haven't seen any examples of this (plenty for multiple dsl lines and separate ip address blocks)

      I have a dsl line with a block of static ip addresses. of these 5 are free - my question is :

      Is it possible to configure pfSense to do load balancing over these ip addresses such that each outgoing connection rotates through the one of the possible addresses. I've seen examples of multiple addresses in the same block but these all have different gateways, obviously these addresses share the same gateway address.

      I've tried a few combinations but they don't seem to work also I've access to multiple quad ethernet cards so the number of ports for the wan side is not a problem, or is it possible with just one?

      Any suggestions or help..

      Thanks

      1 Reply Last reply Reply Quote 0
      • dotdash
        dotdash last edited by

        Discussed here:
        http://forum.pfsense.org/index.php/topic,8929.0.html

        1 Reply Last reply Reply Quote 0
        • J
          jsl last edited by

          @dotdash:

          Discussed here:
          http://forum.pfsense.org/index.php/topic,8929.0.html

          Cheers for that, i'd missed it while searching… One other question is can i combine the method suggested with other outbound load balancing.

          For example say i have 3 dsl lines with 5 ip addresses each, would listing all 15 ip address in the nat rule work?

          I'm guessing in this case i skip the normal load-balancing setup

          1 Reply Last reply Reply Quote 0
          • dotdash
            dotdash last edited by

            The outbound NAT rules are per-interface, so each wan would have separate translation rules. You would have to combine this with standard outbound LB- setup a load-balanced pool and point the LAN traffic to the load-balancer by changing the gateway on the appropriate firewall rule.

            1 Reply Last reply Reply Quote 0
            • J
              jsl last edited by

              Hi, i've had to leave playing with this for a bit, but going back to it now. It would seem i need to enter addresses into the translation part of the outbound nat rule. Is this correct?
              The GUI only allows one address or the value "any". I've tried to modify the config file to add multiple targets but get an error.

              The thread pointed deems it is possible and editing the nat tables directly looks plausible, but i'd like to avoid that if possible as i'm using pfsense to avoid editing config files directly.

              Am i going about this the right way or have i missed something obvious?

              Thanks

              1 Reply Last reply Reply Quote 0
              • dotdash
                dotdash last edited by

                My thought is that someone could try editing the pf rules directly and test the functionality. If it works, then you would know the syntax that the webgui would have to use and could then try to modify the relevant bits of the webgui. If you got that far, you could submit the diffs to the core team for review. I think this functionality would be nice, but right now I don't need it and have too many projects going to play with it.

                1 Reply Last reply Reply Quote 0
                • J
                  jsl last edited by

                  I could have have play with the settings, i've looked on the box and pf.conf seems to be empty (well it looks like a demo file with everything commented out. Are the rules written somewhere else?

                  1 Reply Last reply Reply Quote 0
                  • dotdash
                    dotdash last edited by

                    The running ruleset should be in /tmp/rules.debug
                    You can copy that file, edit it, and use pfctl -f to load it.
                    Of course, that will be nuked if you make any changes in the gui…

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy