Dual WAN + Dual Firewall

Zim

Regular Contributor
Thinking about adding a pf/opnsense firewall/router as VM in Proxmox. I'm concerned that during updates or for any other reason the VM/firewall/router is down, the network will be down.

Is it possible for me to enable dual WAN on the Asus router so that when WAN1 is up the Asus router firewall is off because the traffic is routed through pf/opnsense firewall/router? When WAN1 goes down and WAN2 comes online, the Asus firewall turns on.

It sounds simple, but I'm not able to find anything online about it.
 
No separate per-interface firewall options in Asuswrt GUI. Run pfSense on dedicated hardware with UPS backup. Virtualized firewall running on a 10-in-1 appliance is not the best option. All your network services will be dependent on a single device. What's the difference in reliability compared to a home All-in-One router?
 
Got it! Thanks @Tech9

Is it doable with scripts? Is there a script lurking out there that could do this?
 
There is a script fixing buggy Dual WAN in Asuswrt. 😬
 
It wouldn't do what he is asking though. What you could do is add commands to start/stop the firewall to the wan-event script accordingly for WAN0 or WAN1 being connected or disconnected.
 
Here you go, two birds with one stone. 👍
 
Sounds like what I am looking for, thanks @Ranger802004.


How would I go about setting this up?


Would I create a WAN-event file under /jffs/scripts/ and use the code below?

Code:
#!/bin/sh
case "$1" in
    wan0_down)
        # Commands to execute when primary WAN goes down
        service firewall start
        ;;
    wan0_up)
        # Commands to execute when primary WAN goes online
        service firewall stop
        ;;
esac
 
For your case I'd do a case statement or if statement based on which WAN is primary WAN.
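
An added example, not part of the thread and not written by any poster: one way to decide the firewall state from which WAN is primary, defaulting to firewall on whenever that is not certain. It assumes WAN0 is the link behind pf/opnsense, that the script is called with the WAN unit and event name as `$1` and `$2`, and that the nvram keys `wan0_primary` and `fw_enable_x` and the `service restart_firewall` call behave as commented; check all of these on your firmware.

```shell
#!/bin/sh
# Constructed sketch of /jffs/scripts/wan-event for the setup in this thread.
# Assumptions to verify on your firmware (none of them come from the thread):
#   $1 = WAN unit (0 or 1), $2 = event name such as connected / disconnected
#   nvram keys wan0_primary and fw_enable_x; "service restart_firewall"
NVRAM="${NVRAM:-nvram}"        # overridable so the logic can be run off-router
SERVICE="${SERVICE:-service}"

# Prints 0 (firewall off) only when WAN0, the link behind the upstream
# firewall, is the active primary. Every other state prints 1 (fail closed).
desired_fw_state() {
    unit="$1"; event="$2"; wan0_primary="$3"
    # WAN0 reporting anything other than "connected": protect the router now,
    # even if the primary flag has not been updated yet.
    if [ "$unit" = "0" ] && [ "$event" != "connected" ]; then
        echo 1
        return 0
    fi
    if [ "$wan0_primary" = "1" ]; then
        echo 0
    else
        echo 1        # WAN1 is primary, or the flag is empty/unknown
    fi
}

# Applies the wanted state, restarting the firewall only on a real change.
# The value is not committed, so a reboot falls back to the saved setting.
apply_fw_state() {
    want="$1"
    have="$($NVRAM get fw_enable_x)"
    if [ "$have" != "$want" ]; then
        $NVRAM set fw_enable_x="$want"
        $SERVICE restart_firewall
    fi
}

# Act only when called as the event script with its two arguments.
if [ "$#" -eq 2 ]; then
    apply_fw_state "$(desired_fw_state "$1" "$2" "$($NVRAM get wan0_primary)")"
fi
```
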
 
I'm not sure how to do that. The previous version was what ChatGPT spit out lol.

If it's not too much trouble, could I ask you to do one for me please.
 
Not sure why this complication is needed. If the clients are connected to the Asus router the pfSense firewall upstream will see a single client only (the Asus) with mostly encrypted, hard-to-identify traffic. There is no point to this pfSense firewall in this case since you can't use any of the advanced features on it.
 
What if I were to run the router as a subnet router? Would I be able to use "any of the advanced features" of pfSense?

Also, curious if anyone knows whether the VLANs with the 3.0.0.6 firmware work only in router mode, or in AP mode as well?
If I run AiMesh, do the VLANs translate to other nodes as well?
If I set up VLANs on pfSense will the Asus router running 3.0.0.6 firmware see and understand VLAN tags?
 
What if I were to run the router as a subnet router?

If you want to use Dual WAN on this Asus router it has to be in Router mode and your pfSense firewall won't see individual clients on your network.

If I run AiMesh, do the VLANs translate to other nodes as well?

This depends on the nodes. If the Asus is in Router mode features like GN Pro may propagate to nodes. In AP Mode - test and see what happens.
 
