How to route traffic to specific WAN using pfsense router.

pgrommesh · January 19, 2020

So following some advice earlier this week here I bought an LTE modem, which works great, and I also bought and setup a PFsense router.

Currently it is setup as poorly drawn here:

Internet works through pfsense device using either internet point and I have experimented with things such as creating a gateway with equal tiers between the 2 devices, or one with a higher tier than the other etc it all functions as expected like that.

What I would like is for data such as video (youtube/netflix/amazon) to travel through the wider connection (WISP) and for gaming traffic to travel along the lower latency line.

What I believe is the best solution is to make the gateway tier 1 with LTE and tier 2 with WISP, but take a list of ports&protocols and create firewall rules to direct traffic from youtube/video sites to the WISP. The problem is I can't figure out how to setup these firewall rules to do this.

Anyone able to help or suggest a better solution, I can't seem to find an example of someone doing anything similar.

Thanks!

mtz_federico · January 20, 2020

First you need to make sure that there is a gateway for each interface, then create an Alias with the ports of the games that you want to go through LTE, then you create a firewall rule that sends traffic going to any ip using any protocol, and going to a port in the alias trough the WISP gateway.

You can also do a similar things but with ips, You create an alias with ips or domains and route traffic going to those ips through a specific gateway.

You also want to create another rule that is in second place on the firewall that sends all traffic on any port, on any protocol, through your WISP gateway.

Hope this helps, I don't have access to pfsense right now so I can't send screenshots or exact instructions

Alex Atkin UK · January 21, 2020

The thing is, ports used for games can vary and clash considerably. You're likely this way to end up with the games not knowing which WAN they are supposed to be using.

Its going to be a very complicated setup with lots of trial and error trying to find the right ports, IPs, domains you need to direct over the other WAN.

Honestly I'm not 100% sure it can be done as I believe some games when setting up their session use standard ports like 80 or 443 to establish the connection and will expect all traffic on the same WAN as that.

mtz_federico · January 21, 2020

1 hour ago, Alex Atkin UK said:

The thing is, ports used for games can vary and clash considerably. You're likely this way to end up with the games not knowing which WAN they are supposed to be using.

Its going to be a very complicated setup with lots of trial and error trying to find the right ports, IPs, domains you need to direct over the other WAN.

Honestly I'm not 100% sure it can be done as I believe some games when setting up their session use standard ports like 80 or 443 to establish the connection and will expect all traffic on the same WAN as that.

You are right. What OP can do is set specific ips to use different WANs and just switch between them

Alex Atkin UK · January 22, 2020

2 hours ago, mtz_federico said:

You are right. What OP can do is set specific ips to use different WANs and just switch between them

Different clients is easy, and in fact I load balance my games consoles and gaming PCs across two WANs without any issues. But if you specifically want games over one WAN and all other traffic across another, this is a problem, as how do you know every single IP range a given game might use?

Fortunately I mostly play single player games across two relatively comparable VDSL connections, so it doesn't matter which connection it decides to choose to route over. But if I wanted to port forward to allow incoming connections, I can't even begin to imagine how it could be done.

The problem is when a game is initiating an outbound connection, its going to go down the default WAN, so unless you know every possible server it could be hitting, you're stuck. I was honestly surprised that GTA Online works fine on my configuration.

pgrommesh · January 22, 2020

Thanks for the reply's. I will do some trial and error this weekend when I have more free time.

In the meantime, I did setup a single gateway with Tier 1 WISP and Tier 2 LTE which seems to work effectively as a failover. I also have found that if I temporarily flip the 2 tiers around, load and connect to the game, and then reverse the setting I will stay using LTE for my games for as long as I don't get disconnected which has been great.

Again, Thanks for all the help.

mtz_federico · January 22, 2020

13 hours ago, Alex Atkin UK said:

The problem is when a game is initiating an outbound connection, its going to go down the default WAN, so unless you know every possible server it could be hitting, you're stuck. I was honestly surprised that GTA Online works fine on my configuration.

Yeah, luckily the few games I play show the ports they use online.

GTA V uses a few UDP ports https://support.rockstargames.com/articles/200525767/GTA-Online-PC-Connection-Troubleshooting

and I've seen that other games like rocket league use a certain port for the game servers and 443 and 80 for other things https://support.rockstargames.com/articles/200525767/GTA-Online-PC-Connection-Troubleshooting