@bano007:

@jahonix:

@esanchez:

You probably should change the LAN Subnet…
                                                             
PFS Wan: 192.168.1.8
PFS Lan: 192.168.2.1

Do NOT forget to specify a netmask when talking IP addresses!
192.168.1.8/24  does NOT equal 192.168.1.8/16
With your figures above a /16 would bridge your networks. A /24 doesn't

THX

One more question… i tryed to put in slot one more network card but i messed it up (long story short)... so i had to put it back as it was, but i can't remember does LAN have to bridge WAN?!?! or not....

So on interfaces > LAN > bridge WAN or none?? for the simple example above

when not bridged internet on pc-s doesn't work... cant ping DSL modem? and i am shure that it wasn't bridged before :(

I am little bit confused...

thx

GruensFroeschli:

thanks for the great explanation, sorry for the multiwanversion, that's really 1.2, sorry, anyways:

loadbalancing is working perfect in my current setup, but really can't get failover to work
(because of what you just explained)

so, will adding a router to isp2 will solve my problem? like this?

isp1 (gateway 111.222.333.444)–router–-
                                                                  |
                                                                    ---pfsense----switch----lan
                                                                  |
isp2 (gateway 111.222.333.444)-----------------

is this what you are suggesting?
if this is what you're suggesting, since loadbalancing is working right now without failover,
i might skip this configuration because of an additional router, since failover is not really important
(because if 1 isp goes down, the other goes down also, defeating the purpose because their the same isp)
just asking if i can find a way to make failover to work without an additional router, since it's not
possible, that'll be just the end of it...

thanks for the help...pfsense is really just great

and btw, i know im really breaking rules here, since i want to ask another question that's off topic

can i create firewall rules that block a specific program (i.e. like windows firewall), WITHOUT squid or squidguard? just firewall rules? and do you have a good "creating firewall rules tutorial" that i can reference?
just want to harden my pfsense and gain better understanding of how to create firewall rules

It just means that it will start two sessions on the cable for every one on the DSL. I don't have a screen-shot handy but if you follow the guide, you just add the cable connection twice.

you are correct i assumed a lot,  cable technology is and always will be easy to exploit

Comcast does suck, I have Cox and they take a lot of stuff from comcast (powerboost and most of their other internet technologies) and cox is up to 35 meg down and 5 meg up ($70/month) on docsis 3, so comcast is too, its just that they limit everything their customers do, i assume that they have these speeds as cox does, they just dont want to provide them yet, so this is your way of getting it.

This forum provides a search function:
http://forum.pfsense.org/index.php?action=search

–>
http://forum.pfsense.org/index.php/topic,13347.0.html

Please try to read the howtos:
http://doc.pfsense.com

(direct link: http://doc.pfsense.org/index.php/MultiWanVersion1.2 )

For your WAN3 you write: "need proxy".
Do you mean you need to connect over a proxy?
pfSense cannot have a WAN over a proxy.

Are your public IPs for WAN1 and WAN2 in different subnets?
You cannot have two WANs in the same subnet / same gateway.

I can ping yahoo,google etc. from shell but still got "Unable to communicate to pfSense.com. Please check DNS, default gateway, etc." error when accessing Packages through GUI. Any help please.

I did see this asked before on this forum but don't recall if and how it can be done.

Depending on the LAN subnets you might avoid the routing problem by adjusting the mask on the LAN interface (supernet).

Ok, thank you very much for the help ;)

Start by adding rules for VOIP (if not there already) on LAN and set the gateway of the VOIP WAN to use for outgoing traffic. Move the rules for incoming VOIP traffic to VOIP WAN and that should be it.

Well the functionality is already there.
In earlier version it was possible to enter the gateways directly by hand.
Although this confused some people and it was changed so you can only selcet interfaces directly.
But it still works if you do it the "old way".

What you have to do:
http://forum.pfsense.org/index.php/topic,9422.msg53290.html#msg53290

Have you got this working? Me too I'm having problems with failover when I try to disconnect one of my three WAN connections. I don't use VLANs and all three modemsa are connected directly to the pfsense box.

I have three WAN setup and I can get load balancer to work properly but not failover.

How did you setup yours? I hope you can help me. Thanks.

@clarknova:

As for seeding, on second thought, if you run a couple instances of bittorrent and get them to independently announce your separate WAN IPs then you should be able to utilise both WANs for incoming.

Yeah this will most probably work.
I read a bit up on the various bt client forums and this question has come up.
The general consensus is to run two instances of the client.

thanks for your help, sound like 2.0 will support multi wans native cant wait.

@jan:

My only apprehension are the servers that are publicly accessible, currently they are configured via 1:1 NAT, will WAN2 affect this? With regards to failover, if WAN1 goes down, what will happen to the publicly accessible servers? Will they still be accessible via WAN2? If not, what should be done in order for it to be accessible via WAN2?

TIA

You could configure an additional 1:1 NAT on WAN2 for the servers, which would make them accessible from either WAN, however the client needs to be 'smart' and figure out to switch to the other address. Doing failover for incoming WAN traffic is basically impossible with different ISPs on each WAN link unless you obtain an ASN and ARIN IP allocation, and obtain BGP-aware connections from your ISPs. This is a pretty high-end setup not available on most non-leased-line connections that requires quite a bit of expertise to do properly (and something more powerful than pfSense (Cisco or Vyatta etc.). If you really need this, setting up a cluster at a reliable datacentre to act as a smart failover proxy for the traffic makes sense, but if you're going to that expense it often makes more sense to just run the services on the hosted machine.

WAN2 won't affect your existing 1:1 NAT configuration though, so if you're fine with the status quo w.r.t. reliability, you shouldn't have to make any changes. pfSense is state-aware, so only new outgoing connections will follow the policy routing rules; return traffic on incoming connections will go out the interface the connection came in on.

Hello GruensFroeschli,
Thanks for advice.  there has other consideration that we see if pfsense can be utilized while under Windows VM. first need to solve is to have network supported from VM while running Pfsense.

Kevin