Eliseo Martelli

How to use pfSense to load balance between two ISPs

April 05, 2020 - 🕒 2 minutes read

Today's post aims at helping people that are working/studying from home and don't have a stable internet conection.
Since me and my family are currently staying at home we are taxing our ADSL2+ connection very hard with multiple simultaneous video conferences, so I had to find a way to keep all my family online.
The way I've chosen to do that is using multiple WANs, one of them being over LTE.

Prerequisites

  1. A pfSense box with 3+ network interfaces;
  2. A WAN and a LAN interface already configured inside pfSense;
  3. A 4G/LTE modem that connects over ethernet.

If you already have the prerequisites sorted out, let's get to balancing!

Configure the additional interface

To start the journey in load balancing, we'll start by telling our pfSense box where to find the interface that we will later use to connect our LTE router.

To add an interface you need to open the Assingnment menu under Interfaces, select the desidered interface in the dropdown menu, and then click add.

We can now configure the chosen interface and assing it a name. In my case I had to setup the address of this interface with DHCP.

Now it's a right time to plug our 4G/LTE modem to our pfSense box.

At the bottom of the page I checked block private and bogus networks, then you can hit save and reload the configuration.

Setup a multi-gateway

We're almost there!
We have to create a multi-gateway that we'll later use to route our traffic through.

We need to set a network tier, remember that a lower number is preferred.
If both interfaces share the same network tier, pfSense will balance packets on both of them.
Remember to change the "Trigger Level" to "Packet Loss or High Latency" so you will always use the best connection.

Configure the firewall to use the multi-gateway

That's our last step! The last thing to do is to configure our LAN firewall to route connections to our new gateway group.
We need to open the Rules page of our firewall, select our LAN interface.

Our rule will be a "Pass" rule that will be configured as following:

Interface: Lan
Protocol: Any
Source: Any
Destination: Any

The last thing to do is going to the advanced section of our firewall rule and set the gateway to the previously created gateway group.

We're finally done!
You can now go and test your load balanced network!

© 2021, Eliseo Martelli