PFsense, dual DSL system for only 2k (or less!)
This article assumes that the reader has intermediate knowledge of computer networking. If you are unable to grasp some of the terms presented here, but still are interested in having a dual DSL setup, you may opt to purchase a dedicated network device such as this one available locally. Though less in features, it works out of the box, saving you time and effort. Be prepared to shell out more in terms of cost though.
Tired of lag when you play online? Got 2 DSL lines? This article will show you how to build a low-cost, intelligent network device capable of policy-based routing using open-source software known as PFsense. In effect, this combines your two DSL lines into one. However, unlike some devices which only do load balancing, this setup is intelligent enough to send game traffic to your connection of choice. (It is also capable of load balancing.)
We have been using this system for over a year now. This setup was conceived at the height of Method’s campaign at pRO Sakray. Short of physically dividing the shop we played in into two sections, we needed a system to ensure lag-free sieges. Through this system we were able to separate game traffic and send it to DSL1, then take browsing and everything else to DSL2.
We had moments that would often make other players’ jaws drop. We had one guy participating in a crucial siege, and we had his significant other seated next to him, killing time by streaming an anime episode. No lag, no effect for the RO players.
For a period of time, I regarded our setup as trivial. In fact, I seldom paid attention to this device as it always worked. Only on a recent trip did I realize how useful this could be for other people.
A few months ago I accompanied Mr. Danny Fong (more popularly known as PAPASPY, a prominent figure in the RF online community) to
Unfortunately not all hotels there had Internet access. After a few days of being disconnected, I headed out to find a computer shop. Upon finishing my emails, I tried to play DOTA. This was where I learned of a terrible inconvenience: I could not surf in the games section of the café. I had to transfer to the surfing only section whenever I had to open my browser since the two sections, gaming and surfing had two separate DSL lines. Obviously, that was to ensure that online players never complain of lag whenever someone decides to stream the latest installment of their favorite anime on Youtube.
It was only then did I realize that what we were doing back in
To do this, you need the following.
- Two DSL connections (obviously)
- An old computer - We used an old Dell OptiPlex GX200; it had a P3 900 MHz processor and 128 MB of RDRAM. We bought ours from a surplus dealer at Gilmore Ave. After much haggling, and after reminding the dealer that this unit has RDRAM, which made it difficult to upgrade, we got the unit for only 1,200php with no hard drive, no CDROM, and only built-in video.
- 3 LAN cards - You can actually use any PCI based LAN card (as long as it is recognized by FreeBSD). We decided to get an INTEL based server LAN card because, for some weird reason, our connection to some Counter-Strike servers is faster (using INTEL based cards we get a 40-50ms connection to a local server, compared to the 50-60ms we get when we use the commonly available Realtek based cards). We bought our dual port INTEL server LAN card from tipidpc for only 700php. Our last card is also an INTEL based card, bought for 100php at a surplus store.
The inside of our surplus PC, with the dual port INTEL card still in its plastic packaging. Next picture is the INTEL dual port server adapter (700bucks!)
PFsense uses a heavily modified installation of the FreeBSD Unix operating system to transform any computer into a powerful and intelligent firewall device. Do not let the word Unix scare you. A lot of people are scared whenever they encounter the words Linux or Unix, as they associate such terms with typing long, obscure words in a command line interface. PFsense is installed using a bootable CD, and is configured through a browser interface just like your common Linksys or Dlink router.
The first step is to physically install the 3 network interface cards into the computer that you are going to use. You then go to the website of PFsense, www.pfsense.org and download the latest ISO image of the live CD installation. Burn that image into a CD, then boot the computer using the bootable CD. Select option 99 to install the PFsense system into the computer. Choose the default options, then reboot when asked.
For a complete guide regarding the installation of PFsense, read the ISO installation how-to.
After rebooting, assign your interfaces:
- LAN – this is the interface to which all of the computers in your network are connected; it usually has an internal IP address.
- WAN – this is where your primary or default DSL is going to be connected to.
- OPT1 – this is where your secondary DSL is going to be connected.
Assign an IP for your LAN. We had ours set to 192.168.1.1/24, a common IP for routers in a LAN.
You then use your browser to access the web interface for its initial configuration.
Select “System” from the main menu, then “General Setup” from the drop down menu. Enter your desired name for your device; we named ours “slimmer” in this case. Also enter the DNS servers to be used. You have two options here: either specify the DNS servers that you want to use, or let your primary DSL connection assign you their DNS server. In our case we specified one of our DSL provider’s DNS servers and one from OpenDNS as our backup.
Next is the configuration of your WAN connection, which is your primary DSL line. In our example we had a PPPoE setup, which requires a username and password. There is a DHCP option for providers that do not require a username and password. Select “Interfaces” then “WAN” from the drop down menu, and enter the DSL details of your provider there.
After you get your primary DSL installed, it is time now to see if your box is working as a router for your LAN. Try browsing a few websites as a test. If all goes well, we can now proceed to the next step.
Physically connect your 2nd DSL line to the OPT1 interface. We then enable this interface, and configure how it communicates with your DSL modem. Go to “Interfaces” then select “OPT1” from the drop down menu. Enter the details of your 2nd DSL line here.
Check if your PFsense box is able to communicate with your 2nd DSL provider. Go to “Status” in the main menu, and select “Interfaces”. Scroll down to the interface labeled OPT1; it should have been assigned an IP address from your 2nd DSL.
Now on to the last part, how to make PFsense take your game traffic and send it to DSL2, and send everything else to DSL1.
Click Firewall in the main menu. Select NAT, then from the tabs presented, select the Outbound tab. Then select Manual Outbound NAT rule generation. Click Save.
Now create an outbound NAT entry for OPT1. Click the plus icon.
Change the interface option from WAN to OPT1, then change the description. Click save. You should have something similar to this.
Next is the most important and final step. We are going to create firewall rules for PFsense to follow. Firewall rules are essentially a set of conditions that the device compares every packet against. They tell PFsense, for example, to send Counter-Strike traffic to DSL2 and Youtube traffic to DSL1.
Rules are processed from the top going down. If a particular packet matches a rule, it is immediately forwarded to the gateway interface specified by that rule. If a packet does not match the first or second rule, PFsense will continue to compare it with every rule until it reaches the bottom. The last rule is usually a catch-all rule, meaning packets that did not match any previous rule are sent to the interface specified by this last rule.
We first make our general rule. This rule directs all packets to the WAN interface, essentially DSL1. This rule should be at the bottom, since rules are processed from the top down.
Select “Firewall” from the main menu, click “rules” from the drop down list. Select the LAN tab. Then add a new rule:
- action: pass
- interface: LAN
- protocol: any
- source: LAN subnet
- destination: any
- gateway: default
Now we create the rules for game traffic. We shall be using (pRO) Ragnarok Online as an example, as this is a very lag sensitive game.
There are two TCP ports important to Ragnarok Online, port 6900 for login and port 5000 for data.
Add Rule:
- action: pass
- interface: LAN
- protocol: TCP
- source: LAN subnet
- destination: any
- destination port: select (other), then specify port 6900
- gateway: OPT1
Do another rule for port 5000, just change the port number from 6900 to 5000. Also enter a different description.
Make sure that the last rule is the general rule, since rules are processed from the top going down. Move your game rules up if necessary.
You should have something like the picture below by now. The Ragnarok rules are above the general rule. Thus packets that match a Ragnarok rule are immediately sent to the OPT1 interface. Any other packets that do not match our Ragnarok rules are processed by the general rule at the bottom, effectively sending everything else to the WAN interface or DSL1.
Apply your rules.
Ragnarok traffic on your network should now be sent to OPT1, also known as DSL2. Everything else goes to WAN or DSL1. A user can, for example, download and continue to play without lag on the same computer.
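Added example (not part of the original article, and not PFsense's own code): a small Python model of the top-down, first-match rule processing described above, using the article's Ragnarok ports (6900 and 5000) and its two gateways. It also flags rules that can never fire because a broader rule sits above them, which is what happens if the general rule is left on top. The names `Rule`, `route` and `shadowed` are hypothetical, and the model assumes source "LAN subnet" and destination "any" for every rule, as in the article.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One LAN-tab pass rule (source: LAN subnet, destination: any, as in the article)."""
    descr: str
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None means any destination port
    gateway: str              # "WAN" (default gateway, DSL1) or "OPT1" (DSL2)

    def matches(self, proto: str, dst_port: int) -> bool:
        return self.proto in ("any", proto) and self.dst_port in (None, dst_port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` can match is also matched by this rule."""
        return (self.proto in ("any", other.proto)
                and self.dst_port in (None, other.dst_port))


def route(rules: List[Rule], proto: str, dst_port: int) -> Optional[str]:
    """First match wins, top to bottom. Returns the gateway, or None if no rule matched."""
    for rule in rules:
        if rule.matches(proto, dst_port):
            return rule.gateway
    return None


def shadowed(rules: List[Rule]) -> List[str]:
    """Descriptions of rules that can never fire because an earlier rule covers them."""
    return [rule.descr for i, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:i])]


# Rules from the article (descriptions are constructed for this example).
RO_LOGIN = Rule("RO login", "tcp", 6900, "OPT1")
RO_DATA = Rule("RO data", "tcp", 5000, "OPT1")
GENERAL = Rule("general rule", "any", None, "WAN")

CORRECT_ORDER = [RO_LOGIN, RO_DATA, GENERAL]   # game rules above the catch-all
WRONG_ORDER = [GENERAL, RO_LOGIN, RO_DATA]     # catch-all on top

if __name__ == "__main__":
    # Constructed sample traffic: (protocol, destination port)
    for proto, port in [("tcp", 6900), ("tcp", 5000), ("tcp", 80), ("udp", 53)]:
        print(f"{proto}/{port}: correct order -> {route(CORRECT_ORDER, proto, port)}, "
              f"wrong order -> {route(WRONG_ORDER, proto, port)}")
    print("shadowed in wrong order:", shadowed(WRONG_ORDER))
```

With the general rule on top, both Ragnarok rules are reported as shadowed and all traffic leaves through WAN.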
This device can sort packets by port number and/or IP address. Just add similar rules for the other games and/or applications you may want to redirect to another DSL connection. You can even have 2, 3 or more OPT ports depending on your needs.
Policy-based routing is only one of the many features that PFsense is capable of. It is also capable of bandwidth control, VLAN, and network redundancy. Those are, however, beyond the scope of this article. For a complete list, go to http://www.pfsense.org
PFsense is also not limited to routing DSL connections. Other individuals and organizations have been using PFsense to route 10, 20mbps links and above, with capacity only limited by the hardware it is installed on.
Resources:
Policy Based multi-WAN tutorial by Daniel Solsona
PFsense documentation wiki
PFsense website
Editing by GM Simon a.k.a. Innocence of Method
For those interested in minimizing lag for their games using only one DSL line, I will be making another article in a few days.
Too extreme just to avoid lag when playing online? Check out our old toy…
I apologize for any spelling or grammar errors that you may find. I am not a writer, nor is writing a strong point for me. For technical errors, please do not hesitate to post a comment.
March 6th, 2008 at 1:42 pm
[quote]There are two TCP ports important to Ragnarok Online, port 6900 for login and port 5000 for data.[/quote]
Just want to ask how to get this data? I’ve been having too much trouble with lags, particularly on online games such as RAN Online, Warrock.
At present I’m utilizing the service of Smartbro (386 kbps) wireless internet service. Just recently I applied for the Globelines Broadband 1 mbps package.
I was searching the internet about dual wan routers when I chanced upon this article.
That particular part puzzled me…
So I hope you can share more details with regards to that concern.
With great appreciation,
RGAlbuera
goku_092966@yahoo.com
March 6th, 2008 at 6:05 pm
If your problem is lag during online games, getting a globelines dsl + smartbro wireless will still not solve your problem. Regardless of the router you use. Almost all online games are PLDT friendly.
With regards to TCP “ports” of a specific game, you can try asking the customer service department of your particular game. Just say you are behind an office firewall, and you need to have ports opened.
Or, you can get it yourself using a packet sniffer. Run game, run packet sniffer, get ports being used. For windows, you can try the link below. It is lightweight and just right for sniffing game ports.
http://www.analogx.com/contents/download/network/pmon.htm
March 14th, 2008 at 2:13 pm
Sir, I really want to try this dual wan using a PFsense..
I’m going to use 2 smartbro connections since we don’t have a PLDT line yet… I have a small com shop here in Cavite, I only have 6 PCs. After 1 week of researching for the best dual wan router for the low cost, I finally got it here..
Sir, 1 question: is it OK if I use a mobo with a built-in LAN and 2 extra LAN cards, for a total of 3 LAN?
Because I will try it first on my 1 working PC, I will just replace the hard drive with a surplus hard drive for this project.
THANKS A LOT SIR, more power!!!!
March 14th, 2008 at 5:21 pm
As long as the LAN cards are detected by PFsense, ok.
March 18th, 2008 at 2:04 am
Good AM sir katsudon! I need your help sir…
I already installed pfsense and I already rebooted it for the first time. Then after, I assigned interfaces by pressing 1)
in the Pfsense console setup, and pressing 2) for Set LAN IP address. But I’m still here at this:::
WELCOME TO PFSENSE 1.2release
WAN* ->rl0 ->192.***.*.***(DHPC)
LAN* ->dc0 ->192.168.1.1
OPT1 ->vr0 ->none
Pfsense console setup
0)Logout (SSH only)
1)Assign Interfaces
2)Set LAN IP address
3)Reset webconfiguration password
4)Reset to factory defaults
5)Reboot system
6)Halt system
7)Pin host
8)Shell
9)FFtop
10)Filter logs
11)Restart webconfiguration
12)pfsense PHP shell
13)Upgrade from console
Sir, it’s still the same, I still can’t get out of there,
that pfsense console setup.
I already pressed 0, 1, 2, 3, 4, 5, 9, 12, 13
but it still goes back to this, and I rebooted it again and it still comes back to here…
I still can’t get into the main window and web browser.
Sir, please help, thank you.
09204792331
jun_a_abella@yahoo.com.ph
jun2577_a (YM)
March 18th, 2008 at 10:25 am
You already have a working PFsense installation. You have to use a different computer to access the web interface. Just make sure it’s on the same subnet as your PFsense LAN IP address.
March 18th, 2008 at 12:28 pm
Good PM sir! Thanks for the reply…
OK sir, I will configure the subnet of the other PC. Will you please stay online while I do the testing of the WAN set…
March 18th, 2008 at 2:51 pm
Sorry to keep you waiting, unfortunately the hdd i was using for the setup broke down. I still have to buy another hdd tomorrow to test the pfsense. I was just wondering…Will it be ok If i use an hdd enclosure or a flash drive for the pfsense?
March 18th, 2008 at 5:51 pm
I was able to setup the pfsense and i got this info
WAN–>xxx–>xxx.xxx.xxx.xxx(DHCP)
LAN–>xxx–>xxx.xxx.xxx.xxx
On the other pc, i was able to go to the general setup and was able to name the device. But on the DNS server textbox, this is where my problem is…what info will i use here (i am connected with smartbro)?
Can you please help me with this..i am not too familiar with the WAN setup, i just really want to speedup my internet connection and be able to optimize the two smartbro links that i have.
thanks.
March 18th, 2008 at 6:44 pm
@jun
If you use a hard disk enclosure, I have no idea if pfsense can detect that drive during bootup.
@jun_888
Regarding DNS server, try checking the option: Allow DNS server list to be overridden by DHCP/PPP on WAN. To get the default DNS servers from your smartbro service.
March 18th, 2008 at 8:15 pm
Sir, at last I was able to do it!!!
I was able to do all of your procedure..
Instead of RAGNAROK, I tried it for RAN online..
But my problem now is that everything, upload & download, games, browsing etc., all of it goes through the WAN, and OPT1 is on standby…
What will I do next, sir “katsudon”?
Thanks for everything sir ^_^
March 18th, 2008 at 8:18 pm
And one thing sir, after I configured everything,
I did not reboot the pfsense…
Do I need to reboot it sir? I did SAVE and APPLY on all of the config, sir….
March 19th, 2008 at 2:44 am
Get the ports for RAN online. Then make firewall rules to force RAN traffic through your OPT interface.
March 19th, 2008 at 8:30 am
Sir! Where can I get the “PORTS” of RAN online?
Sorry, I’m a newbie..
Thank you again…
March 19th, 2008 at 11:51 am
1. Ask the customer care department of RAN online.
-or-
2. Get it yourself using a packet sniffer.
March 21st, 2008 at 5:53 am
I got the port sir using the “netstat -b” at the CMD…
pretty much faster than asking the customer service…
Sir, how about FAILOVER? Can I have some idea, sir, on how to configure it.. What I mean by this, sir, is that when the primary connection is down, the secondary will automatically take over..
And also sir, what is the proper way of shutting down pfsense? I only use reboot system, then I just wait for it to start up and then turn off the AVR.
March 21st, 2008 at 12:01 pm
Congrats on your pfsense system. Halt the system using the console, or the web interface. That way works too: reboot, wait for it to reset, then power off.
Load balancing is also a feature of this software, unfortunately I do not have the time to post the exact step by step procedure. The Pfsense website has plenty of tutorials and how-to’s.
March 22nd, 2008 at 4:08 pm
Thank you very much sir! two thumbs UP for katsudon…
This pfsense really works for me. I saved a lot; imagine, you don’t need to buy a very expensive multiple WAN router, all you need is to build a junk old PC and do some short mind-twisting installation. That’s all! You finally got a MONSTER ROUTER…
March 27th, 2008 at 7:26 am
[...] to handle it is you can have 2 DSL lines and have one dedicated for gaming and one for browsing. Katsudon, a former guildmate and good friend, made an instructional article on how to do this on his blog. I [...]
March 29th, 2008 at 6:25 pm
[...] PIX can, and at a significantly lower cost even with commercial support. Another person with a blog entry with a nice multi-WAN howto. Write up something about pfSense on your site you would like to share? Email a link to us, [...]
April 6th, 2008 at 6:07 am
Sir katsudon,
I finished the installation of pfsense but after reboot it says
F1 FREE BSD
Default : F1
After F1 is pressed
FREE BSD/i386 boot
Default 0: ad(0,a)/boot/loader
boot: -
then it was stuck there.
is my installation correct?
April 6th, 2008 at 6:17 am
Sir Katsudon,
When i pressed enter it says can’t load kernel
April 7th, 2008 at 3:14 am
cool ill try this, sounds interesting, can some one leave their cell number so i can keep in touch, hehe for some questions hehehe, i can shoulder their prepaid. thanks ^_^
April 9th, 2008 at 12:13 am
@romy
Try to reinstall, it’s probably an installation error.
April 10th, 2008 at 9:24 am
PFSense was recommended to me, also. I spent a little more on hardware (around 9k, as the machine’s got 5 lan cards plus an on-board lan card). I’m currently routing 3x 3mbit PLDT DSLs and 2x Smartbros through it to a NAT (we do streaming video for online classrooms).
Classroom software (audio+video+whiteboard+desktop sharing) uses a lot more bandwidth than most online gaming, and we’re essentially lag-free with 10 stations operating full-on.
SIDE NOTE: to the user above who said that online games don’t work as well through Smartbro vs. PLDT: Smartbro operates exclusively on PLDT’s network. The ‘Last Mile’ technology is different; and in most areas Smartbro shares IPs via NAT as its allocation is pretty small. The overall throughput is less, but I find Smartbro’s last mile technology to be more reliable (it fails less often) than PLDT DSL, at least in my area.
Cheers,
- Ralf
IRC Operator, Undernet IRC Network
http://www.undernet.org
April 11th, 2008 at 6:09 am
It’s amazing. I like it. Sounds good to me, even though I can’t agree with everything that is written here
April 14th, 2008 at 2:12 pm
Business Card Cdrom…
This is really interesting, I would say it does bring me a lot of attention. I love your post very much, but I think there is some information missing here. It is a little bit unclear but, it is worthwhile of reading it. By the way, I am looking forwar…
April 18th, 2008 at 3:24 am
Does any of you know if it’s possible to add proxy squid to this dual router configuration?
For education purposes I need to restrict some pages and ports.
Actually I have IPCop with Advanced Proxy, BlockOutTraffic, with some restrictions like porn, and port 1863 for MSN messenger, but I would like to use a second line for a specific application port.
Please help?
April 19th, 2008 at 4:41 am
Sir Katsudon,
I have already installed and have a live pfsense. My problem is all traffic was directed to WAN, and when I made firewall rules for OPT1 and tried Ragnarok Online, it is always disconnected. I am using 2 smartbro connections. I followed your guidelines and am still unlucky in making it work. It seems that when I tried the 2 smartbro connections, only 1 became active. Pls help.
April 22nd, 2008 at 1:34 am
@Romy
Check your interfaces if indeed there are two smartBRO connections active. Then check your firewall rules.
April 22nd, 2008 at 8:55 am
I successfully installed pfsense on my Celeron 2.0 with 3 NICs, cable internet connection with static IP.. but I couldn’t make it connect to the internet.
I can’t ping my ISP gateway…
At home I have a Bayantel DSL PPPoE and I don’t have a problem setting up the pfsense.
Thanks
April 26th, 2008 at 6:41 am
finally pfsense now working, i called my ISP asking to change from static to dhcp connection…
problem with my cable internet provider setup maybe?
April 26th, 2008 at 6:48 pm
@gere, post details about your cable internet provider and their setup.
May 2nd, 2008 at 11:05 pm
Thanks for the post!
If I had 5 DSL modems, what do you think would be the best solution to connect them with pfsense (for multi-wan and load balancing)? Switch or Router or Intel quad port?
Thank you for your help!
May 5th, 2008 at 2:22 am
@Phil
You have to check the pfsense hardware sizing guide for that. It all depends on the amount of bandwidth you want to move.
May 12th, 2008 at 2:07 pm
Good day sir katsudon..
It’s nice to be back again. No problem with my router just want to ask this.
Is PFSense capable of handling multi WAN router with a PRINT SERVER (multi USB port)??? tnx sir
May 12th, 2008 at 2:30 pm
I never used a print server. Sorry, have no idea.
May 13th, 2008 at 2:16 am
^_^ Thanks sir! Maybe I should just buy one and connect it to a hub.
May 18th, 2008 at 6:53 am
nice article..
I just use 1 DSL line with pfsense. All looks OK.
May 24th, 2008 at 10:19 am
sir katsudon
You said “For those interested in minimizing lag for their games using only one DSL line, I will be making another article in a few days”. Have you posted this already? I want to minimize the lag in online games using only 1 DSL. Thanks
May 26th, 2008 at 11:30 pm
good day Sir!
Is there a procedure where I can combine the speed of my two internet connections just like in the Edimax dual WAN router feature.
Thanks.