[SOLVED] Dual WAN Connections (Pfsense/RouterOS)

Pyneappel

Honorable
May 28, 2016
39
0
10,530
I'm building out a home server closet/lab. The house has 16 Cat6A cable runs and there will be a few servers in a rack. I'll end up with stuff that's overkill, but I'm new to this and trying to learn more than how to unbox an unmanaged switch. I'll probably have two internet connections; one faster but with a data cap and one slower but unlimited data. Right now I'm thinking I'll get the Mikrotik CRS328-24P-4S+RM.

I've been reading/watching YT vids about using Pfsense to manage two WAN connections. My question is this: with that Mikrotik switch and (presumably) RouterOS, would I still need a separate Pfsense box to route internet traffic to two WAN ports? Or can I accomplish that in this scenario without a separate Pfsense box? If possible, I'd like one or two servers to use the slower internet and the rest of the house to use the faster.
 
Not sure what the MikroTik can do as far as dual WAN. Those are complex boxes and I am not 100% sure if those switches support all the RouterOS functions. Most times a switch does not support functions that might slow it down. Things like routing based on the source IP/machine tend to take CPU and would degrade the throughput.
This is a case of read the massive manual and see. I suspect the CPU in the switch will bottleneck you if you get too fancy.

pfSense can do much more because it has a massive CPU compared to a switch... I will assume you run this on a small PC and not one of those appliance boxes.

You do not need anything really big though unless you plan to run something like VPN. In your case you would want to add in a 4-port Ethernet card so you have the extra "WAN" ports to connect to the internet connections. pfSense can pretty much do anything you can think of when it comes to routing and running multiple internet connections. Almost all the magic is done in the IPTABLES function so there are lots of examples and documentation on how to do things.
 

Pyneappel

pfSense can do much more because it has a massive CPU compared to a switch... I will assume you run this on a small PC and not one of those appliance boxes.
Well, inasmuch as I had looked into this, I guess I was thinking of getting one of the preconfigured units. Or one of the units not much bigger than a 4-port switch intended to be used for pfSense/firewall.

Do you have a "small pc" you would recommend? I see ServeTheHome and others using HP T620/T730 "Plus" SFF computers that will take a NIC expansion card and using those. I think I'd prefer something I can rack mount though.
 
The last time I did this I just used an old computer I had sitting around and put a 4-port NIC in it.

How large a PC you need depends on many things. Mostly it depends on how CPU-intensive the rules you want to run are. Simple things like routing based on destination take nothing, but routing based on, say, port numbers or source IP is a bit more but still not much. VPN is the big one that would require careful planning.

That said, are you sure you even need a router to do this? The method I have used lately is to let the end devices control where they go. I take 1 router and let it run like normal and assign IP say 192.168.1.1. I then take the router going to the other ISP and disable the DHCP server function and set its IP to say 192.168.1.2. I then plug a cable between the LAN ports.

On the end devices everything will use router/ISP 1 by default. What you then do is change any device to use 192.168.1.2 if you want all the traffic to go there, or you use stuff like the ROUTE command in the device to send just particular locations to the 192.168.1.2 router. So you can, say, run Netflix on one ISP and game downloads on the other.
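
The two-gateway setup described in the answer above, as an added example that is not part of the original post: it models how an end device chooses between 192.168.1.1 and 192.168.1.2 by longest-prefix match and renders the matching static-route commands. The destination prefixes are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Gateways are the two router addresses from the post. The pinned prefixes
# are constructed documentation ranges (RFC 5737), not real services.
ROUTES = [
    ("0.0.0.0/0", "192.168.1.1"),        # default: router/ISP 1
    ("203.0.113.0/24", "192.168.1.2"),   # constructed: sent via router/ISP 2
    ("198.51.100.0/25", "192.168.1.2"),  # constructed: only the lower half
    ("192.168.1.0/24", None),            # the LAN itself, no gateway needed
]

def parse_routes(routes):
    """Convert (prefix, gateway) strings into (network, gateway) pairs."""
    return [(ipaddress.ip_network(p), g) for p, g in routes]

def next_hop(dest, table):
    """Pick the gateway the way a host IP stack does: longest prefix wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or "on-link"

def route_commands(routes):
    """Render each pinned route for Linux (iproute2) and Windows (route)."""
    cmds = []
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if gw is None or net.prefixlen == 0:
            continue  # skip the on-link and default entries
        linux = f"ip route add {net} via {gw}"
        windows = f"route -p ADD {net.network_address} MASK {net.netmask} {gw}"
        cmds.append((linux, windows))
    return cmds

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dest in ("192.0.2.10", "203.0.113.7", "198.51.100.5",
                 "198.51.100.200", "192.168.1.50"):
        print(f"{dest:15} -> {next_hop(dest, table)}")
    for linux, windows in route_commands(ROUTES):
        print(linux, "|", windows)
```

The `ip route add` form does not survive a reboot on its own, while `-p` makes the Windows route persistent.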
 