2

What is the best way to split the computers of a LAN (about 50 computers) to go on two WANs, depending on the computers' IP address or computers' configuration (gateway)? I'm not looking for load-balancing, I need to be able to route which computer uses which Internet connection.

A solution would be to rewire the old office to split the two distinct groups that need to use two different Internet connections but I'm not sure it's worth it at the moment.

I have a pfSense router configured with the LAN (DHCP), WAN1 and WAN2. I also have the IP addresses (and ability to configure) the next router on WAN1 and the one on WAN2.

What would you suggest? Routing based on IP address ranges? Different gateways? VLANs would be difficult for the same reason that rewiring is a bit complicated.

Thanks!

// Edit:

The rationale is: imagine a big old office floor with two or three companies renting it. The wiring was done as for one company, mixing in multiple switches in multiple locations across the big floor. One company is paying for a simple Internet connection, the other one for a dedicated link to its server.

lpfavreau
  • What's the rationale for splitting it into two networks to begin with? What root problem are you wanting to solve? – hookenz May 18 '10 at 04:28
  • We had a similar situation where we had a SAAS that was locked down to a single IP address, but we had multiple WAN links, so requests to/from particular IP addresses that needed to access the service would always route down a single WAN connection – Mark Henderson May 18 '10 at 04:38
  • Do the computers need to be in the same LAN or separate isolated LANs? – hookenz May 18 '10 at 07:07
  • @Matt: All the computers are sharing the same LAN at the moment: wiring patched through the walls, the desktops on one side going to a switch, the other side to another switch, then both sides joining up. But the "real offices" are not physically divided like that. If you have an idea on how to separate this into two or more LANs, it would be a viable solution too. – lpfavreau May 18 '10 at 11:03

2 Answers

5

We've done this before in PFSense.

If your IP addresses are grouped together it's easier, otherwise you have to create a rule for each and every IP address.

In the WAN Firewall rules, create a rule matching:

Protocol: any
Source: x.x.x.x (or a range, if appropriate)
Destination: any
Gateway: (select WAN connection)

You might want to create two failover groups (WAN1->WAN2, and WAN2->WAN1) so that if one WAN goes down it will fail over to the other WAN, but won't use it otherwise (if this is appropriate).

Mark Henderson
  • Thank you Farseeker. I could group the IP address without too much hassle. How do you handle ranges more appropriately in pfSense? – lpfavreau May 18 '10 at 11:06
  • PFSense will allow you to create a rule based on an IP Range rather than individual IP addresses. I can't remember off the top of my head, but you either specify a start/end address, or a start address and a subnet. – Mark Henderson May 18 '10 at 11:15
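The answer above points out that grouped addresses need far fewer rules than scattered ones. The following added example (not part of the original answer and not pfSense code) turns a start/end range per group into the subnets a source-based rule would match, flags overlaps that point at different gateways, and reports which gateway a given host would get. The group names, addresses and gateway labels are constructed assumptions.

```python
import ipaddress

# Constructed sample plan (addresses and group names are assumptions):
# group -> (gateway to select in the rule, first address, last address)
PLAN = {
    "company_a": ("WAN1", "192.168.1.10", "192.168.1.127"),
    "company_b": ("WAN2", "192.168.1.128", "192.168.1.254"),
}

def range_to_subnets(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def build_rules(plan):
    """Expand each group's range into (subnet, gateway, group) entries."""
    rules = []
    for group, (gateway, first, last) in plan.items():
        for net in range_to_subnets(first, last):
            rules.append((net, gateway, group))
    return rules

def conflicts(rules):
    """Pairs of subnets that overlap but point at different gateways."""
    return [(str(a), str(b))
            for i, (a, gw_a, _) in enumerate(rules)
            for b, gw_b, _ in rules[i + 1:]
            if a.overlaps(b) and gw_a != gw_b]

def gateway_for(rules, host):
    """First matching entry wins; None means no rule matched, so the host
    would leave through the firewall's default gateway."""
    addr = ipaddress.ip_address(host)
    for net, gateway, _ in rules:
        if addr in net:
            return gateway
    return None

if __name__ == "__main__":
    rules = build_rules(PLAN)
    for net, gateway, group in rules:
        print(f"{group:10} source {str(net):18} -> gateway {gateway}")
    print("conflicts:", conflicts(rules))
    # Constructed host list, e.g. taken from DHCP static mappings
    for host in ("192.168.1.5", "192.168.1.50", "192.168.1.200"):
        print(host, "->", gateway_for(rules, host) or "default gateway")
```

A range aligned on a subnet boundary (192.168.1.0 to 192.168.1.127) collapses to a single /25, while the unaligned sample ranges expand to several entries each; hosts that match no entry are the ones to check when the two companies must stay on separate links.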
0

One way to split computer traffic from a LAN accessing the internet is by using a load balancer. Load balancers can both balance traffic and force traffic onto a specific interface (thus not balancing). You can, for instance, force 192.168.0.1/25 on WAN 1 (and not going to WAN 2) and the rest on WAN 2.

You can take a look at most brands, like peplink, astrocorp.

I am familiar with the fiberlogic optiqroute, which does that well.