Dual Wan Router: How to Load Balance Using pfSense

Updated on January 16, 2018

Sam works as a Network Analyst for an algorithmic trading firm. He obtained his Bachelors Degree in Information Technology from UMKC.

Purchasing a dual WAN router can easily set you back several hundred bucks. Besides the high prices, many of the models on the market lack features. So instead of shelling out cash for a router with limited features, you can recycle some old hardware and build one yourself. By utilizing the popular open source router/firewall platform pfSense, you can create a very powerful and feature-rich router. Plus you'll have a sense of accomplishment knowing you created it yourself.

Why set up a dual WAN router?

  • Increase your internet bandwidth - If you have multiple internet connections, you can load balance them to provide more bandwidth to the computers on your home or office network. This can be very useful for downloading torrents and playing online games at the same time.
  • Provide backup internet connectivity - Another popular use is providing redundancy or failover in the event one internet connection goes offline. In this case it's important to make sure you're using two different ISPs, for example one cable and one DSL connection.

If you want to hear more about pfSense before getting started check out my hub, Introduction to pfSense. I'm going to assume the readers of this hub have some basic network knowledge and are familiar with setting up a router. If you have a question or would like more details just let me know.

Updates for pfSense version 2.0

I have updated this hub to include instructions for pfSense version 2.0. I'm planning on leaving the portion of the hub covering version 1.2.3 up for a while since many people still use it. If you haven't done so already, I highly recommend upgrading to version 2.0. Not only does version 2.0 have much better support for multi-WAN connections, but it also offers several other great features.

What you'll need to get started

  1. An old computer - For this type of application I would recommend a minimum processor speed of 1GHz with at least 256Mb of ram. The computer will also need a hard drive (or CF card), and a CD-ROM. If you don't have an old machine lying around check Craigslist or a garage sale. You should be able to pick something up for free or very cheap.
  2. Three network cards - The computer you use will need to have three network interfaces. One for the LAN port and two for the WAN ports. I recommend using at least 100Mb cards to prevent a bottleneck. Onboard network connections work fine, if you don't have an onboard NIC you can just use three PCI or PCIe network cards. You can salvage the network cards from old computers or purchase new network cards at a low cost.
  3. Two internet connections - Cable, DSL, T1, FIOS, etc. You can use two connections from the same provider if you want or use two different ISP's.
  4. The pfSense software - You will need to download the live CD from one of the mirrors and burn it to a disc. Visit www.pfsense.org and click on downloads. I recommend using pfSense version 2.0 since it includes better multi-WAN support. The free 7-Zip program can uncompress the .gz file for you.

Setting everything up

If you already have a functional pfSense router, keep reading for the details on how to configure dual WAN connections. If you don't, check out the pfSense install guide, then continue with the rest of the instructions on this hub.



Materials

Interfaces Configuration for Version 1.2.X

These steps will be completed using the pfSense web GUI.

I'm assuming during your initial pfSense setup you configured a LAN and one WAN interface already.

To configure the second WAN interface select OPT1 from the Interfaces menu. Click the check box to enable the interface and set the type to either DHCP or Static depending on what you need, then hit Save.

Interface Configuration

Load Balancer

Next open the Load Balancer page found under Services. Click the + sign to create a new pool. Choose a name, 'LoadBalance' for example, then set the type to Gateway. Choose a behavior of either Load Balancing or Failover depending on what you're trying to accomplish. Set the Monitor IP to WAN's gateway. Then select the WAN interface from the drop down menu and click add to pool. You will see WAN show up in the list below. Then change the Monitor IP to OPT1's gateway, select OPT1 from the interface list and click add to pool. Your configuration should be similar to what you see in the screen shot. Click save when you're finished, and apply changes on the next page.

Note that pfSense will act strange if you have the same gateway for each interface. You can get around the issue by setting up a bridge between one of the interfaces, but it's best to avoid having to do this.

To check if your configuration is working, go to Load Balancer under the Status menu. Both interfaces should report that they are online and report the latency of their monitor IPs.


Load Balancer Pools

Troubleshooting

If the interfaces don't show up as online verify that your monitor IP will respond to ICMP pings. If it doesn't you need to choose different monitor IP's such as a DNS server. You may also need to double check the IP configuration of each interface on the Status\Interfaces menu. If the WAN/OPT1 interfaces are configured for DHCP you may need to release/renew the addresses.

Load Balancer Status

Final Configuration

If the load balancer status looked green then you're ready to activate it. On the Firewall menu click on Rules, then select the LAN tab. You'll need to edit the default rule and change the gateway from default to LoadBalance. This will send all outbound traffic to the load balancer.


Firewall Rules

Configuration for version 2.0

These steps will be completed using the pfSense web GUI.

Interfaces

The first thing you'll need to do is assign a second WAN interface. If you already configured one you can skip this step. Click on assign in the Interfaces menu. Then click the plus symbol labeled add and select the MAC address of the interface you want to use. If there is only one unassigned interface it will be automatically selected. By default the interface will be named OPT1. Your configuration should look like the screen shot on the right.

After you have assigned the interface you need to enable it. Click on the Interfaces menu, then select the name of the second WAN interface (OPT1). Check the box to enable the interface, then select DHCP or static as the type. It's important to note that if your gateway does not respond to ICMP pings then you should set an alternate monitor IP such as Google DNS (8.8.8.8).

Gateways

Next click on routing found in the system menu. Verify that each of your WAN interfaces has a gateway assigned. If OPT1 doesn't have a gateway check the DHCP or static ip configuration before moving on.

Assigning Interfaces (version 2.0)
Enable the OPT1 interface
Verify the gateways

Adding a Gateway Group

If both of the gateways look good you can click on the gateway groups tab and create a new group by clicking the plus symbol. Assign a priority of tier 1 to both WAN and OPT1. Set the trigger to be 'member down'.

Create a gateway group

Make sure the gateway group is online

At this point you should check the status of the gateway group you have created to make sure that both interfaces show as online. If one of the members in the group shows as offline, make sure either that the gateway responds to ICMP pings or that you have entered an alternate monitor IP. In some cases you might just need to reboot the router in order for both members to activate.

Check the gateway status

Edit the default LAN rule

The final step is to edit the default LAN rule so outbound traffic will pass through the load balancer. To do this click on rules under the firewall menu. Then edit the rule with a source of 'LAN net', change the gateway to LoadBalance, or the name you assigned the gateway group earlier.

Edit the default LAN firewall rule

Testing

To test if everything is working use a speed test site that supports multiple threads such as the one on www.speakeasy.net. Torrents and Usenet will also benefit greatly from load balancing. You can also monitor the bandwidth of each interface under the Status\Traffic Graph menu.

The pfSense load balancer uses a round robin algorithm to determine which interface to send traffic out. You can enable sticky connections in the System\Advanced menu which will send successive connections to the same IP out the same interface. Some SSL connections can act strange if the source IP changes during a connection.

If you are using two cable modems or other connections that use a shared physical infrastructure go to System\Advanced and enable the setting "Shared Physical Network".  This will prevent your system logs from filling up with duplicate ARP messages.

If you set up a failover configuration, the best way to test it is by unplugging the WAN or OPT1 cable and seeing if the internet still works.
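The selection behaviour described in this section (round robin across the tier 1 members, sticky connections, and removal of a member that is down) can be modelled in a few lines of Python. This is an added example, not pfSense code and not the author's; the class and function names and the LAN addresses are hypothetical, sticky mapping is assumed to be keyed on the LAN source address, and the unequal-tier failover case goes slightly beyond the equal-tier group configured above.

```python
# Added illustration: a simplified model of gateway-group selection.
# NOT pfSense source code; all names here are hypothetical.
from collections import Counter
from itertools import count


class GatewayGroup:
    """Gateways mapped name -> tier (a lower tier number is preferred)."""

    def __init__(self, tiers, sticky=False):
        self.tiers = dict(tiers)        # e.g. {"WAN": 1, "OPT1": 1}
        self.online = set(self.tiers)   # every member starts online
        self.sticky = sticky
        self._rr = count()              # round-robin counter
        self._sticky_map = {}           # LAN source IP -> gateway (assumed key)

    def mark(self, gateway, up):
        """Apply a monitor result; a down member leaves the rotation."""
        if up:
            self.online.add(gateway)
            return
        self.online.discard(gateway)
        # Forget sticky entries that pointed at the failed gateway.
        self._sticky_map = {
            src: gw for src, gw in self._sticky_map.items() if gw != gateway
        }

    def active(self):
        """Online members of the lowest-numbered tier that has a member up."""
        up = [g for g in self.tiers if g in self.online]
        if not up:
            return []
        best = min(self.tiers[g] for g in up)
        return sorted(g for g in up if self.tiers[g] == best)

    def pick(self, src_ip):
        """Choose the egress gateway for one new connection from src_ip."""
        members = self.active()
        if not members:
            raise RuntimeError("all gateways in the group are down")
        if self.sticky and self._sticky_map.get(src_ip) in members:
            return self._sticky_map[src_ip]
        gw = members[next(self._rr) % len(members)]
        if self.sticky:
            self._sticky_map[src_ip] = gw
        return gw


def egress_per_host(group, hosts, connections_each):
    """Return {host: Counter of gateways used} for interleaved connections."""
    used = {h: Counter() for h in hosts}
    for _ in range(connections_each):
        for h in hosts:
            used[h][group.pick(h)] += 1
    return used


if __name__ == "__main__":
    hosts = ["192.168.1.10", "192.168.1.11"]   # constructed LAN clients
    plain = GatewayGroup({"WAN": 1, "OPT1": 1})
    print("round robin:", egress_per_host(plain, hosts[:1], 4))
    sticky = GatewayGroup({"WAN": 1, "OPT1": 1}, sticky=True)
    print("sticky:     ", egress_per_host(sticky, hosts, 4))
    sticky.mark("WAN", up=False)               # simulate pulling the WAN cable
    print("WAN down:   ", egress_per_host(sticky, hosts, 4))
```

Without sticky mapping a single client's connections alternate between the two public addresses, which is the condition under which sessions tied to a source IP misbehave.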

Sticky Connections
Suppressing ARP Messages

Closing thoughts

You could easily adapt these instructions to a triple or even quad wan router if you want. The limit is really how many network cards you can get into a single computer. I plan on updating this hub once pfSense 2.0 is released. If you would like me to add more detail to any of the sections just let me know.

If you found this hub useful please take a moment to rate it or leave a comment below.

    Comments


      • Kristoff Paxton 4 days ago

        Hi guys! I'm a newbie and badly need help. Can you please help me? I have a pfSense with two ISPs connected to it, both using static IPs. Load balancing is not yet configured on my pfSense. Please assist me with how to configure load balancing using two ISPs at the same time to maximize my internet. Also, I will need to have a VPN connection; do I need to install a VPN router? How will the connection be?

      • John Hutchison 2 years ago

        A better bandwidth test would be to use peplink's balance broadband speed test tool.

        http://www.peplink.com/knowledgebase/speed-test-to...

        It can saturate both of my WAN links and combine their speed as seen in the LAN interface traffic graph.

      • Osvaldo Ferreyra 2 years ago

        Hello, I have a web server on the network behind Debian iptables and it works perfectly. Now I want to migrate to pfSense with dual WAN. It basically works well, but when I put it online I cannot access Apache from either outside or inside the LAN; it throws me a 403 error. I configured Squid as a transparent proxy, enabled NAT + Proxy and configured the port forward to the web server on port 80. What can be happening?

      • PrakharBudholiya 2 years ago

        Hi Sam,

        Your blog is very helpful. I have done load balancing in my router using two different ISPs, and it's working fine. But what I have faced is that whenever load balancing works on pfSense, my NAT rules start fluctuating.

        I have mapped different ports of the same public IP to different private IPs using NAT rules. Now that load balancing is enabled, these rules automatically get disabled.

        Can you please suggest how to solve this?

      • vijaymuddu 2 years ago

        How to allow HTTPS sites using a transparent proxy in pfSense?

      • MERCURIO2054 3 years ago

        You need to update some things

      • Prakash B S 3 years ago

        Hi,

        I have a leased line and a broadband line.

        I created load balancing, on top of it failover.

        But I want to mention, only if leased line usage goes high do I want to activate the broadband line, because my broadband is limited to 150 GB.

      • nevakee 4 years ago

        Hi guys,

        my idea is as follows:

        I have one WAN 15 Mb/s - static IP from my ISP;

        In the same area I have access via WiFi to a 5 Mb/s link (both static and DHCP available, different GW from the first link);

        I want to set up pfSense on ALIX.2D13 with the following parameters:

        - Load balancing ( in a sense to combine both incoming links to get 20 Mb/s for my LAN);

        - Failover ( auto switch between the WAN links in case one goes down)

        I guess I would need to configure the Wifi link in a client mode and present it to the system as a second WAN;

        Not sure about the way to combine the links - could you comment on that setup please ?

        Cheers, Stan

      • mercury 4 years ago

        Hey.

        I have two cable modems with their separate internet connection. Since usenet providers don't allow multiple IP connections simultaneously to one account, how can this be solved in pfSense?

      • Sam Kear (Author) 5 years ago from Kansas City

        @abubin

        There is currently a known issue with sticky connections not working so the general recommendation is to not use this feature.

        Bug tracker

        http://redmine.pfsense.org/issues/337

        Without sticky connections some protocols like https, ftp, and sip have problems so you'll want to use failover pools for them. You could also use static NAT rules as well.

        http://www.bsdcan.org/2008/schedule/attachments/66...

      • abubin 5 years ago

        Do sticky connections actually work? I have read on some websites and the pfSense forum that it does not work for some. I have tested mine and it does not work as well.

      • Xiomara 6 years ago

        Hi Skear,

        Wish to build a router but I can't. Very useful and interesting hub.

        Skear, I have a question for you. I have a CLEAR router, and since the day I brought that garbage to my home the computer works but at a very low pace; I never watched a video because of the buffering. I pay the company 52.28 every month and I feel like I've been robbed.

        Can you guide me to which router is good for my computer? My computer is a Dell 47000.

        Thanks in advance.

      • Sam Kear (Author) 6 years ago from Kansas City

        @Shahid

        The PowerEdge 2800 would make a nice system for running pfSense. It has several PCI slots and room for a lot of hard drives. Besides a multi-WAN router you could set up a caching proxy server.

        https://turbofuture.com/internet/How-to-setup-a-tr...

        I found a bit of information about the 2800 on the pfSense forums that might be useful to you.

        http://forum.pfsense.org/index.php?topic=34648.0

      • Shahid Saleem 6 years ago

        Aslam-o-Alykum Sir I am Purchase Dell Power edge 2800. My Usage Distribution Internet Connection Tell Me About Usage the Server. Pfsense Helpful My job.

      • Sam Kear (Author) 6 years ago from Kansas City

        @networknewbie

        Basically you would set up a dual wan router with three network cards. Both of the modems would connect directly to the pfSense router.

        The LAN port on the pfSense router would connect to your hub with the other 10 PC's on the network.

      • networknewbie 6 years ago

        How can I use 2 internet connections in 1 network (2 modems for 10 PCs using 1 hub)? Is this possible?

        I'm using a broadband connection.

      • Sam Kear (Author) 6 years ago from Kansas City

        Hi Shafik,

        You can install pfSense on an old computer. You'll need to add a second network card if it doesn't already have one. Check out the links below for more information.

        https://turbofuture.com/computers/Introduction-to-...

        http://samkear.com/how-to-guides/setting-up-a-pfse...

      • shafik 6 years ago

        How can I get a pfSense router?

        What is the link of this field?

      • Sam Kear (Author) 6 years ago from Kansas City

        Thanks Paul! Good luck with your project. I always enjoy building a new pfSense box.

      • Gean Paul Tura 6 years ago from Philippines

        Very Interesting! Will get an old PC today and two NIC cards to start this project soon! Great HUB!

      • Lingga 6 years ago

        How to set up load balancing when I only have 1 WAN port with multiple gateways behind it... Is that possible to do?

      • Sam Kear (Author) 7 years ago from Kansas City

        @computerlab

        Thanks for the excellent tip! Most people who are setting up pfSense are probably replacing an old router anyway and could use it for this purpose.

      • computerlab 7 years ago

        Or use an old junkbox router with the wan side connected to the 2nd line modem, and the lan side connected to the pfsense OPT1 line.

        Configure it to talk to the wan modem as required, and for it to hand out a dhcp address to the lan side opt1 line like 192.168.3.x

        This gives OPT1 a different gateway. It's a hack, but seems to work for me.

      • Sam Kear (Author) 7 years ago from Kansas City

        Hey Bubbles,

        There are a couple of things you can do about duplicate gateways.

        1. Ask your ISP to provide you an IP within a different range (unlikely they will do this)

        2. Purchase a static IP address for one of the modems. The static IP will most likely be in a different network with a different gateway.

        3. Enable the shared physical network (system\advanced) and live with it. It's not officially supported but it will work. Version 2.0 deals with it much better than 1.2.x.

      • Bubbles 7 years ago

        How do you solve the problem of having two modems with the same gateway?
