Redundant WAN redeux

Okay, so it’s been 7 months since I originally wrote about my search for a dual WAN router (or even since I updated this blog… sad). In that time, I did eventually find a solution, but it was a long, painful road. The road began with a look at load balancers, an extremely complex and expensive bunch of boxes designed to do way more than I need (or could afford). Then came the Cisco 1841, but I couldn’t bring myself to spend $2000 on a simple router for a $160 a month cable connection. After that, I was working with a company (who shall remain nameless) to develop their existing load balancer product into a link balancer, but it wasn’t ready for prime time, and I had to pass. So, 4 months past my implementation date, and I was back to square one. The Linux box was looking better and better.

This whole project changed when I happened to check-up on pfSense, a firewall distribution based on FreeBSD. Lo and behold, they had added multiple WAN support over the summer. A quick download and test run later, and I had my winner. It had the raw support for the features that I need, with the polish coming down the pike in the coming months. It was free, since I already had a spare server to put it on. It was configured completely through a web interface, making for easy administration. It was… a done deal.

We went live with the setup before Christmas, and it’s been running flawlessly. Policy-based routing allows me to control which packets go where, and strong NAT/firewall rules make it a breeze to publish services out to the world. I’ve even got it running a fourth interface for a guest VLAN. More on that later…