Kitz ADSL Broadband Information
Author Topic: Two WAN's One pfSense (Please re-Read First Post - More Info Added)  (Read 3641 times)

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)

If I ever get FTTP I will want to load balance (Maybe it's not load balancing I want ?!) it with my ADSL2 connection (for my old emails).

So I have installed 'haproxy' on my spare pfSense firewall to test. Maybe I do not need haproxy  :shrug2:

Anyone used it. ?

Edit..
I will have an ADSL2 3/0.7 Static IP PPPoE and FTTP 100/20 Static IP PPPoE, so I will need Two WAN inputs to the firewall, this is why I thought of using 'haproxy' as it has that function. (Do I need this app to add Two WAN's   :-\)

For a max of 1 year I need to keep my Eclipse connection only for use of port 25 for my emails only.
The main internet access would be from the FTTP connection.
I have one pfSense firewall/router.

I am newish to pfSense  :-\
Looking for guidance how to achieve this.
« Last Edit: June 09, 2021, 12:08:21 PM by tickmike »
Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #1 on: June 08, 2021, 04:43:10 PM »

Wouldn't it make more sense to just statically route? If you can only access the email via an Eclipse/KCom IP you'll break things if connections aren't statically routed.

If you can reach without going through KCom the latency and bandwidth differences are too great to be viable and the ADSL is too slow for single threaded apps to run properly.

Just put static routes in place and some NAT. That'll be the cleanest solution.
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #2 on: June 08, 2021, 05:56:45 PM »

I did wonder about the difference between the two connections.

Both connections will have static IP's and will use PPPoE.

I can only use Eclipse port 25 for their Eclipse emails on their internet connection.

Can you give an example how to do it as pfSense only has one PPPoE set up now, I would need two PPPoE dial ups.

Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #3 on: June 08, 2021, 09:58:56 PM »

Basically in Firewall -> Aliases create an Alias with the domain name(s) you use for mail.
Then in Firewall -> Rules -> LAN add a rule above the one that directs Any source traffic and Any destination to the WAN (this is usually the last rule).
The new rule has Source Any and destination the Alias you just created, setting the correct WAN in the Gateway section under Advanced.

This is what I love about pfSense, you can easily see what the rules are supposed to be doing.  Basically any client on the LAN trying to access the Aliased domains (their IP addresses) gets directed out the specified WAN.
« Last Edit: June 08, 2021, 10:05:57 PM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #4 on: June 09, 2021, 11:28:32 AM »

I have just tried to explain better in my first post what I want to achieve, so I have edited the first post, please all re-read.
I do not think 'Load Balancing' is the correct term.
Logged

craigv

  • Member
  • **
  • Posts: 32
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #5 on: June 09, 2021, 11:41:23 AM »

Quote
If I ever get FTTP I will want to load balance (Maybe it's not load balancing I want ?!) it with my ADSL2 connection (for my old emails).

So I have installed 'haproxy' on my spare pfSense firewall to test.

Anyone used it?

Edit..
I will have an ADSL2 3/0.7 and FTTP 100/20, so I will need Two WAN inputs to the firewall, this is why I thought of using 'haproxy' as it has that function.

For a max of 1 year I need to keep my Eclipse connection only for use of port 25 for my emails only.
The main internet access would be from the FTTP connection.
I have one pfSense firewall/router.
Looking for guidance how to achieve this.

So you're looking to share traffic across your two connections? pfsense has this built-in :) no need to install HAproxy, which I believe is more for balancing incoming traffic between servers. If that is the case, the docs are pretty good https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html.

Given the low adsl speed, I'd question whether there's any point sharing connection, but you may want to use it as a failover. Alex's advice regarding ensuring the Eclipse mail traffic goes over the ADSL connection sounds spot on to me though and will be needed if it can only be accessed over the ADSL connection.

C
Logged
RedHotAnt Unlimited 56k -> NTL 750kbit cable -> Virgin Size 4mbit cable -> Sky 5mbit ADSL -> Zen Internet 25mbit VDSL ->  Zen Internet 900mbit FTTP

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #6 on: June 09, 2021, 12:18:09 PM »

Thanks.
I will have a read through the docs and try some settings on my spare pfSense, also try Alex's idea.

Now just got to sort out my spare laptop which had updates yesterday and it killed the Ethernet card  >:D which I need to connect to this spare firewall for testing. :(
Logged

Chunkers

  • Reg Member
  • ***
  • Posts: 525
  • Brick Wall head-banger
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #7 on: June 09, 2021, 05:46:40 PM »

I load balance 2 WAN ADSL (PPPoE) connections on my pfsense router, I followed the guide here to set it up, it works fine. I don't use haproxy, not sure whether it would be better than my current setup, pfsense supports multi wan load balancing natively.

With my setup and without (much more expensive) bonded connections only a few kinds of applications can utilise the full bandwidth of both connections at the same time e.g. P2P type stuff.

In practice it's not much of a problem though, as it is generally transparent to users which connection they are using and pfsense does a pretty good job of managing load balancing and failover, just make sure you select the 'sticky connections' option when you set it up.

C
« Last Edit: June 09, 2021, 05:50:51 PM by Chunkers »
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #8 on: June 09, 2021, 08:27:10 PM »

As mentioned, haproxy is for load balancing a single WAN to multiple LAN servers rather than the other way around which can be easily done using NAT rules.

Example, what I'm doing:
« Last Edit: June 09, 2021, 08:44:55 PM by Alex Atkin UK »
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #9 on: June 10, 2021, 11:01:40 PM »

Thanks all.
I have still got to put this on hold as I need to get the Ethernet card working on my spare laptop to connect to pfSense .

A simple PCLinuxOS update has killed it and lots of other people are having grief trying to get things working again.
The joys of Linux  :(
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #10 on: July 23, 2021, 04:17:46 PM »

At long last I have my Ethernet connection now working on my spare laptop and I have that hooked up to my spare pfSense firewall only.

Un-installed 'haproxy' It was not needed.

Set up the Two WAN's

I have set up the new WAN = TN_WAN using a spare NIC
And the WAN that was already set up, now named = E_WAN

I had a go at setting up 'FailOver'  TN_WAN will be Tier 1   (default).
and if that goes down E_WAN = Tier 2 and should take over    I hope  :-\

So I think  :-\ I have followed Alex's  set up details for Eclipse emails on E_WAN.  :)

I have moved my 'port' forwarding rule for my backup server from E_WAN to TN_WAN that goes to my 'Orange' LAN just for the backup server use.

Now E_WAN is complaining that because I have no rules, all will be blocked.  :'(

Do you think because only port 25 is going to be used for my Eclipse emails (**Except in Failover !) I could set up some kind of rule for the E_WAN to stop it complaining?
** I will need another rule in Failover so that it uses the full ADSL2 connection, not just port 25.
Any ideas please.
Logged

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1623
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #11 on: July 23, 2021, 04:31:50 PM »

You could set up a thinkbroadband monitor to ping the ADSL and then set up a rule to allow it to do so.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #12 on: July 23, 2021, 08:04:53 PM »

WAN rules and port forwarding are regarding INCOMING connections initiated from the Internet, you don't need any unless you have incoming services on the LAN you need accessible from the WAN, or to enable ICMP response for ping, stuff like that.

If you want to specifically access an e-mail server at Eclipse then you would create an Alias for their e-mail server hostname (this allows pfSense to automatically do a DNS lookup on it in case it uses more than one IP address) then create a LAN rule that sends any attempt to connect to that server down the Eclipse WAN.  I do the same for US sites that are region locked in the following pic (cropped entries you can leave default/empty).
« Last Edit: July 23, 2021, 08:18:00 PM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors
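
Added example, not part of the original posts and not pfSense's own code: a small Python model of the top-down, first-match evaluation of LAN rules that replies #3 and #12 rely on, showing why the alias rule has to sit above the catch-all rule. The alias and gateway names come from the thread; the IP addresses are constructed documentation addresses, and the model assumes rules match on destination only (no protocol, port or source).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed DNS answers (documentation ranges, not Eclipse's real addresses).
SAMPLE_DNS = {"smtp.eclipse.co.uk": ["192.0.2.25", "198.51.100.25"]}

# Alias name -> hostnames, as entered under Firewall -> Aliases.
ALIASES = {"Eclipse_Mail": ["smtp.eclipse.co.uk"]}

DEFAULT_GATEWAY = "TN_WAN"  # Tier 1 WAN in the thread's failover setup


@dataclass
class Rule:
    description: str
    destination: str               # alias name or "any"
    gateway: Optional[str] = None  # None = follow the default gateway


def alias_addresses(name, dns=SAMPLE_DNS):
    """Expand an alias to every address its hostnames resolve to."""
    return {ipaddress.ip_address(ip)
            for host in ALIASES[name] for ip in dns.get(host, [])}


def matches(rule, dst):
    return rule.destination == "any" or dst in alias_addresses(rule.destination)


def egress_gateway(rules, dst_ip):
    """Return (gateway, rule description) for the first rule matching dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:  # evaluated top to bottom, first match wins
        if matches(rule, dst):
            return rule.gateway or DEFAULT_GATEWAY, rule.description
    return None, "no rule matched (blocked)"


mail_rule = Rule("Eclipse mail via ADSL", "Eclipse_Mail", gateway="E_WAN")
default_rule = Rule("Default allow LAN to any", "any")

GOOD_ORDER = [mail_rule, default_rule]  # alias rule above the catch-all
BAD_ORDER = [default_rule, mail_rule]   # alias rule shadowed by the catch-all

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        for ip in ("192.0.2.25", "198.51.100.25", "203.0.113.80"):
            print(label, ip, egress_gateway(rules, ip))
```

With the alias rule on top, both mail addresses leave via E_WAN and everything else follows the default gateway; with the order reversed, the catch-all matches first and the mail rule is never reached.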

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #13 on: July 24, 2021, 02:49:24 PM »

Quote
WAN rules and port forwarding are regarding INCOMING connections initiated from the Internet, you don't need any unless you have incoming services on the LAN you need accessible from the WAN, or to enable ICMP response for ping, stuff like that.
:-[ Thanks for the reminder, it's that I have never used a Two WAN setup before.
Quote
If you want to specifically access an e-mail server at Eclipse then you would create an Alias for their e-mail server hostname
Think I have done that.
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Two WAN's One pfSense (Please re-Read First Post - More Info Added)
« Reply #14 on: July 30, 2021, 10:51:37 AM »

Now I have FTTP   :) also keeping my ADSL2 connection I set up pfSense for Dual WAN with ADSL2 for 'FailOver' if FTTP goes down.

That seems to work ok.  :)

But Sending of Eclipse email only over ADSL2 port 25   Does Not Work with Dual WAN set up, But Does still work when only ADSL2 is up and FTTP is Down.

I created an Alias>Firewall
with name Eclipse_Mail
and used
smtp.eclipse.co.uk as the domain name .

Then set a rule up.
Firewall>Rules
Action = pass
Interface = LAN
Protocol = Any
Source = Any
Destination = Alias = Eclipse_Mail
setting the correct WAN in the Gateway section under Advanced.
Save.

I get an Error Message.

An Error Occurred While Sending Mail: The Mail Server Sent An Incorrect Greeting:

Looks like it's just trying to use port 25 on FTTP WAN Not ADSL2 WAN  :-\
« Last Edit: July 30, 2021, 09:17:14 PM by tickmike »
Logged