\u00a0<\/p>\n
WTF is pfSense? Look here…\u00a0 This guide will show you how to setup two connections that require DHCP.\u00a0<\/p>\n You can extend this to 3, 4, 5, etc connections, as many as your\u00a0motherboard can handle.\u00a0<\/p>\n In this example, I demonstrate the use of a simple routing policy to\u00a0assign one PC to use Optus Cable, and the other PC to use Telstra Cable.\u00a0<\/p>\n Before I go forward, if you have Telstra Cable, be sure this works first.\u00a0 Once you know your ISPs work fine with pfSense, then proceed.\u00a0<\/p>\n Test setup for pfSense (router\/firewall) box…<\/span>\u00a0 Regarding system requirements : Because pfSense is aimed for the\u00a0business class, the requirements are hefty compared to other solutions.\u00a0<\/p>\n Its recommended that you get at least a PII\/PIII, Duron, VIA C3, etc if\u00a0you want all the features. Its also recommended that you have 128MB or\u00a0more RAM. I’ve tried pfSense on a Pentium 150Mhz with 48MB RAM, but\u00a0its quite sluggish.\u00a0<\/p>\n In the case of Multi-WAN, it is better to get something with more RAM\u00a0and grunt, with quality brand of network cards. (Used or 2nd hand Intel\u00a0NICs are quite cheap, and perfect for this role).\u00a0<\/p>\n If you have a WRAP or Soekris embedded board, you can use that, as\u00a0pfSense has a version for this class of platform.\u00a0<\/p>\n ALSO NOTE: I’ve used a CD-ROM\/Floppy as the test platform for this guide.\u00a0 If you want, you can use a Compact Flash card with CF to IDE adapter OR\u00a0Use a Disk-On-Module (DOM)…But make sure you disable swap file by\u00a0deleting the swap partition. (Do this when you install pfSense).\u00a0<\/p>\n It is necessary to disable swap for DOMs and CF implementations due\u00a0to their limited number of writes. (I think its about 10,000 before it dies).\u00a0<\/p>\n Bare in mind, some functions rely on a swap partition, so they may not\u00a0function properly without swap. If you don’t need those functions, don’t\u00a0worry about it.\u00a0<\/p>\n Network card assignments<\/span>\u00a0 I’m using three network cards which are the same, this is why they will\u00a0be labelled fxp0, 1, and 2. Remember, PCs start with 0, not 1.\u00a0 WAN = This connects to your 1st ISP.\u00a0<\/p>\n OPT1 = Optional 1 is renamed WAN2. This connects to your 2nd ISP.\u00a0 LAN = This connects to your PC or a switch for your network behind the\u00a0firewall.\u00a0<\/p>\n SO, in this example…\u00a0<\/p>\n WAN<\/span>\u00a0=> Telstra Cable (due to bpalogin being needed) => BigPond (DHCP)\u00a0 NOTE : Be aware that WAN2, 3, 4 and so on, only supports DHCP or Static\u00a0IP. If you need PPPoE, etc, you need to stick a modem with ethernet port\u00a0in front of the pfSense box.\u00a0<\/p>\n IP address of PC 1 on the LAN side => 192.168.1.10\u00a0 I point PC 1 to WAN (Telstra) and PC 2 to WAN2 (Optus)\u00a0<\/p>\n Network Layout (For this guide)<\/span>\u00a0<\/p>\n My settings in pfSense…<\/span><\/p>\n Firstly, you need to tell pfSense’s NAT that connections from the LAN can\u00a0go to your WAN connections. (Connections to your Cable\/ADSL\/modem\/etc. Anything that accepts ethernet.)<\/p>\n For\u00a0Firewall<\/span>\u00a0=>\u00a0NAT<\/span>\u00a0Settings… The * under\u00a0Destination<\/span>,\u00a0Destination Port<\/span>,\u00a0NAT Address<\/span>\u00a0and\u00a0NAT Port<\/span>\u00a0is the “any” option in pfSense.<\/p>\n Now the following is where you define specific firewall rules. For\u00a0Firewall<\/span>\u00a0=>\u00a0Rules<\/span>\u00a0Settings…<\/p>\n As before, the * under\u00a0Proto<\/span>,\u00a0Port<\/span>,\u00a0Destination<\/span>,\u00a0Port<\/span>, is the “any” option. The * under\u00a0Gateway<\/span>\u00a0is the default WAN\u00a0connection. Or your 1st WAN connection.\u00a0<\/p>\n That’s it.\u00a0<\/p>\n NOTE : You may need to manually specify which DNS server should be\u00a0used as pfSense will sometimes use DNS servers from each WAN for\u00a0certain periods.\u00a0<\/p>\n NOTE 2 : If you’re using Telstra Cable, either manually assign Telstra’s\u00a0DNS server first OR use pfSense’s default setting…ie : Let DHCP handle\u00a0everything. (Override with DHCP settings)\u00a0<\/p>\n You can also set up a De-Militarised Zone (DMZ) for your servers, and\u00a0such and then manually specify rules or forward ports for your servers, etc.\u00a0 Remember, this is NOT loadbalancing. This is useful if you want to\u00a0consolidate multiple ISP connections into one router. This method is\u00a0very simple and easy to work with as you don’t need to worry about\u00a0VPN and such, like you do with loadbalancing.\u00a0<\/p>\n Depending on your requirements and situation, you may find this a\u00a0cheaper approach than buying a commercial router. Its up to you to\u00a0assess if this is a viable solution for your needs.\u00a0<\/p>\n References<\/span>\u00a0<\/p>\n The pfSense FAQ\u00a0 Setting up policybased routing with multiple WAN-links (PDF)\u00a0 \u00a0 This is an example of how you set up pfSense to support multiple ISPs.\u00a0\u00a0\u00a0 WTF is pfSense? Look here…\u00a0 =>\u00a0http:\/\/www.pfsense.com\/\u00a0 This guide will show you how to setup two connections that require DHCP.\u00a0 You can extend this to 3, … Continue reading
\n=>\u00a0http:\/\/www.pfsense.com\/<\/a>\u00a0<\/p>\n
\nMake sure you can connect to it via pfSense before proceeding.\u00a0
\npfSense has a bpalogin client for this, so you do NOT need to use the\u00a0Telstra client program anymore.\u00a0<\/p>\n
\n* Celeron 1.2Ghz\u00a0
\n* 512MB RDRAM\u00a0
\n* i820 chipset mobo (ASUS P3C-D)\u00a0
\n* 3x Intel NICs (i82559 chipset)\u00a0
\n* CD-ROM\u00a0
\n* Floppy\u00a0
\n* pfSense 0.95 LiveCD\u00a0
\n* ISP1 : Telstra Broadband Cable (10Mbit\/128k)\u00a0
\n* ISP2 : Optus Cable (10Mbit\/256k)\u00a0<\/p>\n
\nBe aware that it is recommended that you use a hard disk.\u00a0<\/p>\n
\n1st network card => fxp0 => LAN\u00a0
\n2nd network card => fxp1 => WAN\u00a0
\n3rd network card => fxp2 => OPT1 (re-designated as WAN2)\u00a0<\/p>\n
\nI also needed to note down the MAC addresses of each card as a result.\u00a0<\/p>\n
\n(If you have more NICs, they’ll be called OPT2, 3, 4, etc. You can rename\u00a0later when you login to pfSense via web browser…)\u00a0<\/p>\n
\nWAN2<\/span>\u00a0=> Optus Cable (DHCP)\u00a0
\nLAN => Static IP (labelled as 192.168.1.1)\u00a0<\/p>\n
\nIP address of PC 2 on the LAN side => 192.168.1.12\u00a0<\/p>\n\n
WAN (Telstra)\u00a0 \u00a0 \u00a0 \u00a0WAN2 (Optus)
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0 \u00a0 \u00a0\/
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 pfSense
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0|
\n\u00a0 \u00a0 \u00a0 \u00a0 8-Port Switch
\n\u00a0 \u00a0 \u00a0 \u00a0 |\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0|
\n\u00a0 \u00a0 \u00a0 \u00a0PC 1\u00a0 \u00a0 \u00a0 \u00a0 PC 2
\n<\/code><\/dd>\n<\/dl>\n
\nI’ve checked\u00a0Enable advanced outbound NAT<\/span>\u00a0in the\u00a0Outbound<\/span>\u00a0section.<\/p>\n\n
Interface\u00a0 \u00a0Source\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Destination\u00a0 \u00a0 \u00a0Destination Port\u00a0 \u00a0 \u00a0NAT Address\u00a0 \u00a0NAT Port\u00a0 \u00a0Description
\nWAN\u00a0 \u00a0 \u00a0 \u00a0 \u00a0192.168.1.0\/24\u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0*\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0*\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 For Telstra
\nWAN2\u00a0 \u00a0 \u00a0 \u00a0 192.168.1.0\/24\u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0*\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0*\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 For Optus
\n<\/code><\/dd>\n<\/dl>\n
\nThis is where you control which PC\/system uses which ISP.<\/p>\n\n
Proto\u00a0 \u00a0Source\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Port\u00a0 \u00a0Destination\u00a0 \u00a0Port\u00a0 \u00a0Gateway\u00a0 \u00a0Description
\n*\u00a0 \u00a0 \u00a0 \u00a0192.168.1.10\u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0*\u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 \u00a0 \u00a0PC 1 -> Telstra\u00a0 \u00a0 \u00a0
\n*\u00a0 \u00a0 \u00a0 \u00a0192.168.1.12\u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 *\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0*\u00a0 \u00a0 \u00a0 WAN2\u00a0 \u00a0 \u00a0 PC 2 -> Optus
\n<\/code><\/dd>\n<\/dl>\n
\n(If you need to forward ports, this is found in the NAT section, NOT\u00a0in the Rules section).\u00a0<\/p>\n
\nhttp:\/\/faq.pfsense.org<\/a>\u00a0<\/p>\n
\npolicybased_multiwan<\/a><\/span><\/div>\n