Multiple WAN, no LB or FO, DHCP Client groups per WAN



  • This is the best scenario I've seen so far,

    http://serverfault.com/questions/593900/pfsense-different-gateway-for-different-hosts
    I tried the recommended firewall rules, but they didn't appear to work right.

    I've been running PFsense for a few months now, and I've got everything working to my liking for the most part.  What's been bugging me is how I do it.

    I was recently looking into an EdgeMax from Ubiquiti - then realized that I'm nowhere near savy enough to configure this thing - so I'm back to pfsense, which I do love.
    I posted this,

    Rough overview -

    192.168.1.1 - pfsense router with 2 NICS - WAN/LAN.  ISP 1 comes in here.  LAN goes to TP-Link.  All clients obtain DHCP from here
    192.168.1.2 - ISP #2 Modem
    192.168.1.3 - ISP #3 Modem
    192.168.1.4 - TPLink Smart switch - no advanced features used - ISP#2 and ISP3 and Both Netgears go here.
    192.168.1.99 - Unifi AC AP Pro - DHCP Disabled
    192.168.1.98 - Netgear in Wifi AP mode - DHCP Disabled
    Netgear gigabit dumb-switch

    The TP-Link DOES do vlan tagging, im just not sure how to make all this work together.

    I DID make a crappy picture

    All clients obtain DHCP from 192.168.1.1, and are statically mapped - I can assign unique default gateways to each static lease - so for devices 1-10 I have them set to use default gateway 192.168.1.1 (which will then use WAN ISP #1, devices 11-30 I have set 192.168.1.2, 30-40 are set to 192.168.1.3.

    Additionally, I assign DNS here - either OpenDNS IP's or Google DNS depending on the device.  I then apply rules that will block all port 53 for devices 1-10, except for OpenDNS IP's.  This blocks DNS for devices 1-10, unless that DNS goes to OpenDNS IP's.

    Finally, I throttle Lan to WAN on 192.168.1.1.  As other client devices are using 192.168.1.2 and .3 as their default gateway - these rules dont effect them.  They bypass the router completely.  I'd like to fix that.

    This works great, aside from the manual management of these and some issues with routing.  I am unable to RDP back into a device using gateway 192.168.1.3, and uPnP is spotty.  I want to toss the tplink and the pfsense router, have all of the ISP's come into the same device, and manage my client WAN separation with groups or aliases.  I do not want to do WAN load balancing, but it would be cool to failover ISP1 to ISP2, ISP3 to ISP2, etc if one happens to go down.  Additionally, I want to throttle WAN usage on a per client, or group basis.

    I do all of this due to the fact that I live up in the mountains, with a house full of tech - ISP1 and 2 are roughly 7/0.5mbps - ISP3 is roughly 70/20mbps.  I do not want WAN traffic from the rest of the house mixing with my devices on ISP3, used for business and play.  This will keep the rest of my family happy, as the rage experienced while gaming and a child decides that RIGHT NOW is the best time to download all the things, youtube and netflix at the same time, can be avoided with the right routing.