On Tue, Feb 10, 2015 at 1:41 AM, Tiernan OToole
<tier...@tiernanotoole.ie> wrote:
> Good morning all.
>
> For the year or so, I have been running MikroTik RouterOS on either their
> own hardware or my own hardware, and all has mostly been good, bar the fact
> the OS won't see more than 2Gb of ram and my machine has 8...
>
> Anyway, I decided to install pfSense 2.2 on a new hard drive and plugged it
> into my existing hardware, but now I have some questions about getting this
> fully working the same way it worked on RouterOS.
>
> First, some background. The machine in question is an old HP ProLiant ML110
> G5 server with an Intel Core2Quad, 8Gb ram, I think it's a 500Gb hdd (just
> grabbed the first one I could fix) and a mix of network cards giving a total
> of 12 GigE connections.  There are 3 WAN connections (2 Cable modems at
> 200/20 and a VDSL at 100/20, closer to 70ish.) The cable modems give out
> public IPs (they are in Bridged mode) and the machine gets an IP via DHCP.
> The VDSL is PPPoE.
>
> I have managed to get a somewhat basic load balancing setup working, and it
> does seem to work grand. Speedtest.net, which now seems to be multithreaded,
> is giving me download speeds of anywhere from 420 - 480mb/s.
>
> Now, the real question:
>
> In RouterOS I could do the following:
>
> Any incoming traffic (from the LAN) from a given IP address, could be routed
> through a given upstream connection, be that a specific WAN connection or a
> VPN connection.

You should be able to do this with firewall rules and specifying gateways.
*https://doc.pfsense.org/index.php/Multi-WAN#Overview

> Any Incoming traffic (from the LAN) to a given IP address or network (for
> example BBC) could be routed through a given upstream provider, again WAN or
> VPN

I think you would need to use floating rules for this.

Firewall rules on Interface and Group tabs process traffic in the
Inbound direction and are processed from the top down, stopping at the
first match. Where no user-configured firewall rules match, traffic is
denied. Only what is explicitly allowed via firewall rules will be
passed.
*https://doc.pfsense.org/index.php/Firewall_Rule_Basics


Floating Rules are advanced Firewall Rules which can apply in any
direction and to any or multiple interfaces. Floating Rules are
defined under Firewall > Rules on the Floating tab.
*https://doc.pfsense.org/index.php/What_are_Floating_Rules


> All incoming requests that come from a particular WAN connection (e.g., web
> request on port 80) will return over that connection, so traffic
> requested on port 80 on WAN 1 will be returned to the client on WAN1.
>
Would this not just be NAT in general?
https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

I guess I could see how things may get mixed depending on your configuration.


> I think that's all the major issues I have... I think (but could be wrong) I
> have the second one working, but I would like to know if there is a better
> way of doing it than as follows:
>
> Firewall, Rules, LAN and I have a connection that says Dest is <IP block>,
> dest port *, source is LAN Net,  source IP is *, gateway is <upstream i want
> to send to>.
Seems right, you are going to need floating for the other gateway direction.

>
> This is the top option, and at the bottom are the standard allow everything
> out connections...
It processes rules from top to bottom and when matching one stops.

>
> Am I doing this right?
>
> Thanks again!
>
> --Tiernan
>
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

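The top-down, first-match evaluation with a per-rule gateway discussed in the message above, as an added example that is not part of the original thread and not pfSense's own code. The networks, the pinned host and the gateway names `WAN2_GW` and `VPN_GW` are constructed sample values; the model matches on source and destination only.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                     # "pass" or "block"
    src: str                        # source network, CIDR
    dst: str                        # destination network, CIDR
    gateway: Optional[str] = None   # None = use the default routing table

def covers(outer, inner):
    """True if address or CIDR block `inner` lies entirely inside `outer`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def evaluate(rules, src_ip, dst_ip):
    """Walk the rules top down and stop at the first match.
    If nothing matches, the implicit default deny applies."""
    for rule in rules:
        if covers(rule.src, src_ip) and covers(rule.dst, dst_ip):
            return rule.action, rule.gateway
    return "block", None

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule already
    covers the same or a wider source and destination (ports and protocol
    are outside this simplified model)."""
    return [i for i, later in enumerate(rules)
            if any(covers(e.src, later.src) and covers(e.dst, later.dst)
                   for e in rules[:i])]

# Constructed sample rule set for a LAN interface tab.
LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"
by_dest = Rule("pass", LAN, "203.0.113.0/24", "WAN2_GW")      # destination block
by_source = Rule("pass", "192.168.1.50/32", ANY, "VPN_GW")    # one LAN host
allow_all = Rule("pass", LAN, ANY)                            # default gateway

LAN_RULES = [by_dest, by_source, allow_all]   # specific rules above allow-all
MISORDERED = [allow_all, by_dest, by_source]  # allow-all on top hides the rest

if __name__ == "__main__":
    print(evaluate(LAN_RULES, "192.168.1.50", "203.0.113.5"))
    print(evaluate(MISORDERED, "192.168.1.50", "203.0.113.5"))
    print("never-matching rules:", shadowed(MISORDERED))
```

With the allow-all rule moved to the top, traffic is still passed but leaves via the default gateway, so a policy-routing rule meant to force traffic through a VPN is silently bypassed; `shadowed()` flags that ordering.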