Dual WAN with pfsense
www.TomSchaefer.org: A Tech Blog for Geeks
By Thomas | March 6, 2009
pfsense is a FreeBSD router OS that can be installed on embedded systems or PC/server
hardware. It's a free, open source, customized distro based on FreeBSD 7, specifically tailored for
use as a firewall and router. It's one of the most secure router OSes out there. Large corporations and
universities use this router OS because of its stability, failover, and stacking capabilities. If you have
heard of M0n0wall or IPCop then you should have an idea what pfsense is.
For my use I used the same exact hardware that I used to build the IPCop router that I reported on 3
Hey, thanks for the comment. One thing to note is that pfsense cannot currently support the same
gateway on multiple interfaces. There is an ongoing bounty that is currently working to fix this. We
may see it in pfsense 2.0, but I don't expect to see it any time soon.
You could use any responsive IP as a monitor. That will work, however this is a separate issue than
gateway homage. Check out the forum on pfsense.org.
To answer your second question, yes, a small bridge would be a cheap NAT device. This is the only
option that the pfsense moderators and devs offer to overcome the one gateway one interface
limitation, until a solution is developed. I used an old Linksys router with NAT enabled and SPI
disabled. I even put the NAT IP in the DMZ to ensure port forwarding remains simple and secure.
Feel free to email me at any time if you want to chat. I am also on MSN and Yahoo Messenger almost
all day. You can find my email around my site, check my forum.
5.
Greg | Posted June 8, 2009 at 04:01 | Permalink
My WAN gateway address is the same as the OPT1 gateway. I have two DSL lines from the same ISP.
What is the trick to set up the bridge for this? By the way, the best and clearest guide I've seen. Thank
you in advance for your help.
6.
Tom | Posted June 8, 2009 at 05:34 | Permalink
Hey Greg! Thank you for the compliment. The trick is to put a simple gateway between OPT1 and your
second cable modem. Specifically I used an old Linksys router.
I assigned the old router a 10.0.0.0 address (something like 10.0.0.1) and enabled DHCP on it so that
the OPT1 address would be 10.0.0.2. Disable the firewall and put 10.0.0.2 or your OPT1 address in the
DMZ (let pfsense handle your port forwarding).
When you configure the gateway for OPT1 just use the 10.0.0.1 address because the old Linksys
device is between the connection of your OPT1 and your cable modem. That is the easiest and most
secure way.
Hopefully pfsense will support the same gateway in the future. Please reply to my email if you want
further details. Take care.
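The limitation discussed in comments 5 and 6 can be checked before a configuration is applied. The following is an added example, not code from the post or from pfSense: it flags WAN interfaces that share a gateway or whose gateway is not on-link. The 198.51.100.x addresses and the /24 prefixes are constructed; 10.0.0.1 and 10.0.0.2 are the values from the comment above.

```python
import ipaddress
from collections import defaultdict

def check_wan_gateways(wans):
    """wans maps interface name -> (address/prefix, gateway). Returns a list of findings."""
    findings = []
    users = defaultdict(list)  # gateway -> interfaces that point at it
    for name, (cidr, gw) in sorted(wans.items()):
        iface = ipaddress.ip_interface(cidr)
        gateway = ipaddress.ip_address(gw)
        users[gateway].append(name)
        if gateway not in iface.network:
            findings.append(f"{name}: gateway {gateway} is outside {iface.network}")
        elif gateway == iface.ip:
            findings.append(f"{name}: gateway {gateway} is the interface's own address")
    # The case from the thread: two lines from one ISP handing out the same gateway.
    for gateway, names in users.items():
        if len(names) > 1:
            findings.append(f"{' and '.join(names)} share gateway {gateway}")
    return findings

# Constructed sample: both DSL lines terminate on the same ISP gateway.
BEFORE = {
    "WAN": ("198.51.100.10/24", "198.51.100.1"),
    "OPT1": ("198.51.100.11/24", "198.51.100.1"),
}
# After placing a NAT router in front of OPT1, as described in the comment.
AFTER = {
    "WAN": ("198.51.100.10/24", "198.51.100.1"),
    "OPT1": ("10.0.0.2/24", "10.0.0.1"),
}

if __name__ == "__main__":
    print(check_wan_gateways(BEFORE))
    print(check_wan_gateways(AFTER))
```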
7.
Greg | Posted June 22, 2009 at 02:06 | Permalink
Hi Tom! OK, it has been about twelve days since my changes to the load balance and it is working just
fine with one exception. I've noticed that the load is uneven. Like, 3 to 1 ratio. For every 100mb on the
WAN, the OPT1 is 25mb. Both NIC cards are the same and my ISP provider is the same company and
I don't currently have another choice. Also, both modems are the same model and connection speed.
I have looked at pfSense forum readings and have yet to find a solution that works. I read someone's
comment to add one gateway more than once to the pool and that should take care of it, but the truth
is that it didn't work. My assumption is that I must be missing some other configuration. Any
thoughts?
8.
Tom | Posted June 22, 2009 at 03:05 | Permalink
It could be two different things. I have experienced what you just described before and I fixed it by
forcing the ratio. Check out http://forum.pfsense.org/index.php/topic,14333.0.html
Even if the connections are the same you can still force the ratio so that you can get a balanced load.
The other thing is it could be a misconfigured firewall rule. I would also check your Outbound
I followed all the steps above and works like a charm. Thank you for the guide!!
33.
Mike | Posted January 26, 2010 at 12:00 | Permalink
Hey, anyone know how to get dual WAN working with pfsense 2.0? Chris has changed everything
around and now the “LoadBalancer” option is for server load balancing not connection balancing so
the “Pools” do not work the way they are described in here. I think “Pools” in 2.0 are “Gateway” or
“Gateway Groups” Not too sure. Like the rest, for an open source community, the PFSense forum falls
flat on its face for any sort of help.
34.
Tom | Posted January 26, 2010 at 14:25 | Permalink
What is the benefit of running 2.0? 2.0 is based on an old FreeBSD build; 1.2.3 is based on a newer
build. If you want security and stability I would recommend going to 1.2.3; 2.0 is still experimental
and is going through a complete rewrite.
35.
psd_steve | Posted January 30, 2010 at 19:07 | Permalink
I played with 2.0 (to include the 24 Jan build). It is definitely still beta. Lots of things simply do not
work. Using this guide I got my 1.2.3 rocking on multi-WAN with the load balancer. Great guide, thank
I have a question following up an earlier comment by Mike and it concerns fail-over of incoming
connections (outgoing connections work fine every time via load-balancing gateways).
We have a simple pfSense ver. 1.2.3 setup with two outgoing interfaces WAN and WAN2|OPT1. We
also offer NAT port mapped services from the inside (over the pfSense LAN interface) like HTTP and
IMAP.
Our concern is that these internal services should be available either through WAN or WAN2, if
either one goes down.
However, in our tests when we bring WAN down, WAN2 ceases to respond. It appears that pfSense is
missing its default gateway (since WAN is down) and fails to respond to any incoming requests over
WAN2.
This assumption is further supported by doing the following test:
- bring WAN down
- cannot ping WAN2 from IP 1.2.3.4
- add static route to pfSense with gateway WAN2 for IP 1.2.3.4
- pinging WAN2 from IP 1.2.3.4 now works!
(WAN interface is still down)
Is there any way to have multiple default gateways in pfSense? Or would you recommend any other
solution?
Thank you, Tasis
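The four-step test in the comment above is what a purely destination-based routing table produces. The following is an added example, not code from the comment or from pfSense: a simplified longest-prefix-match model that replays the test. The gateway addresses and the second client 203.0.113.9 are constructed; 1.2.3.4 is the client from the comment.

```python
import ipaddress

class RouteTable:
    """Destination-based routing only: ignores which interface a request arrived on."""

    def __init__(self):
        self.routes = []    # (network, gateway, interface)
        self.link_up = {}   # interface -> bool

    def add(self, prefix, gateway, iface):
        self.routes.append((ipaddress.ip_network(prefix), gateway, iface))
        self.link_up.setdefault(iface, True)

    def lookup(self, dst):
        """Longest-prefix match; returns (gateway, interface) or None."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r[0]]
        if not hits:
            return None
        _, gateway, iface = max(hits, key=lambda r: r[0].prefixlen)
        return gateway, iface

    def reply_path(self, dst):
        """Interface a reply to dst leaves on, or None if it cannot be delivered."""
        hop = self.lookup(dst)
        if hop is None or not self.link_up[hop[1]]:
            return None
        return hop[1]

def run_failover_test():
    rt = RouteTable()
    rt.add("0.0.0.0/0", "198.51.100.1", "WAN")   # single default gateway (constructed)
    rt.link_up["WAN2"] = True                     # second uplink, no default route
    results = {"both_up": rt.reply_path("1.2.3.4")}
    rt.link_up["WAN"] = False                     # step 1: bring WAN down
    results["wan_down"] = rt.reply_path("1.2.3.4")             # step 2: ping fails
    rt.add("1.2.3.4/32", "192.0.2.1", "WAN2")    # step 3: static route via WAN2
    results["static_route"] = rt.reply_path("1.2.3.4")         # step 4: ping works
    results["other_client"] = rt.reply_path("203.0.113.9")     # everyone else still fails
    return results

if __name__ == "__main__":
    print(run_failover_test())
```

The last result shows why the static route only confirms the diagnosis: it restores the reply path for that one address, while every other client on WAN2 still gets a reply routed toward the dead default gateway.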
37.
german | Posted February 9, 2010 at 10:52 | Permalink
Thank you very much, your instructions were very helpful.