Author Topic: 3 WAN -> 1 LAN, cannot figure it out  (Read 1825 times)

Synackaon
3 WAN -> 1 LAN, cannot figure it out
« on: July 22, 2010, 03:05:34 pm »
Last week, we discarded our two residential connections in favor of three (3) business class cable connections from one company instead of two separate providers.

But I cannot get load balancing to work! I hoped to make gateway group kosh work, but it doesn't.


WAN01 - DHCP (currently 24.43.32.180), gateway 24.43.32.129 {wan}, Virtual IP 19.0.0.1/24
WAN02 - DHCP (currently 24.43.32.145), gateway 24.43.32.129 {opt1}, Virtual IP 18.0.0.1/24
WAN03 - DHCP (currently 24.43.32.143), gateway 24.43.32.129 {opt2}, Virtual IP 17.0.0.1/24

My firewall rules are:
Code: ("floating")
  ID   Proto   Source    Port   Destination    Port   Gateway   Queue   Schedule   Description
       *       LAN net   *      169.0.1.0/24   *      *         none
       *       LAN net   *      169.0.2.0/24   *      *         none
       *       LAN net   *      169.0.3.0/24   *      *         none

Code: ("lan tab")
  ID   Proto   Source    Port   Destination   Port   Gateway   Queue   Schedule   Description
       *       LAN net   *      *             *      *         none               Default allow LAN to any rule

I have a gateway group, kosh:

Code: ("Gateway group")
Group Name   Gateways   Priority   Description
kosh         GW_WAN     Tier 1
             GW_OPT1    Tier 1
             GW_OPT2    Tier 1

Code: ("Gateways")
Name      Interface   Gateway   Monitor IP     Description
GW_WAN    WAN1        dynamic   24.43.32.129   Interface wan dynamic gateway
GW_OPT1   WAN2        dynamic   24.43.32.129   Interface opt1 dynamic gateway
GW_OPT2   WAN3        dynamic   24.43.32.129   Interface opt2 dynamic gateway

Code: ("NAT Out")
Interface   Source   Source Port   Destination    Destination Port   NAT Address   NAT Port   Static Port   Description
WAN         any      *             169.0.1.0/24   *                  169.0.1.1     *          NO            wan1 out
WAN2        any      *             169.0.2.0/24   *                  169.0.2.1     *          NO            wan2 out
WAN3        any      *             169.0.3.0/24   *                  169.0.3.1     *          NO            wan3 out
WAN         any      *             *              *                  *             *          NO            wan1 out default
WAN2        any      *             *              *                  *             *          NO            wan2 out default
WAN3        any      *             *              *                  *             *          NO            wan3 out default
« Last Edit: July 22, 2010, 09:51:30 pm by Synackaon »

cmb (Chris Buechler)
Re: 3 WAN -> 1 LAN, cannot figure it out
« Reply #1 on: July 23, 2010, 05:23:20 pm »
You can't have 3 WANs with the same gateway; each gateway must be unique.

MrHorizontal
Re: 3 WAN -> 1 LAN, cannot figure it out
« Reply #2 on: July 27, 2010, 03:02:51 am »
Quote: "You can't have 3 WANs with the same gateway; each gateway must be unique."

While this is understandable, given it's Layer 3, is it possible to do this on Layer 2?

I know you could try to use LAGG, I suppose, for connections of equal bandwidth, but it doesn't 'feel right'. Is there any way that apinger can be configured to be interface-centric instead of gateway-centric?

ermal
Re: 3 WAN -> 1 LAN, cannot figure it out
« Reply #3 on: July 27, 2010, 06:00:42 am »
It's a routing problem, not an apinger one.

MrHorizontal
Re: 3 WAN -> 1 LAN, cannot figure it out
« Reply #4 on: July 27, 2010, 10:04:38 am »
Quote: "It's a routing problem, not an apinger one."

Sorry, I was digressing from the topic.

I was asking whether load balancing can be achieved at Layer 2 (i.e. MAC addresses/interfaces) instead of Layer 3 (i.e. IP addresses and gateways), without using LAGG?

cmb (Chris Buechler)
Re: 3 WAN -> 1 LAN, cannot figure it out
« Reply #5 on: July 27, 2010, 07:36:47 pm »
Quote: "I was asking whether load balancing can be achieved at Layer 2 (i.e. MAC addresses/interfaces) instead of Layer 3 (i.e. IP addresses and gateways), without using LAGG?"

No. Since it's going to be the same MAC, it's unpredictable which interface will see it first.