Other question regarding this problem: Is it possible to set up ARP behavior of every physical interface in pfsense?

Thanks Gruens!

this is my fault, I haven't follow the pfsense's instructions properly. I could solve this problem here http://doc.pfsense.org/index.php/MultiWanVersion1.2#Setting_up_Load_Balancing_pools

Manjula

Setting up for protocols that don't like load balancing

Some sites (for example banking sites) get upset when requests from a single session come from different IP addresses. To avoid this, protocols that are likely to suffer from load balancing are setup to favour 1 connection.

Note that use of the sticky bit (see above) should avoid this issue. If you are not using sticky bit, you definitely need this.

For each protocol that needs to be handled this way you need a rule on the LAN interface; the sample below is for https (port 443). The values marked in bold are the ones that change for different protocols.

These rules need to be above the final load balancing rule, and below the rules for DMZ access.
Parameter Value
Action Pass
Disabled unchecked
Interface LAN
Protocol TCP
Source: not unchecked
Source: type LAN subnet
Source OS Any
Destination: not unchecked
Destination: type any
Destination port range HTTPS
Log checked initially; uncheck when known to be working
Gateway WAN1FailsToWAN2 - or WAN2FailsToWAN1 as you prefer
Description Route https through one working connection

Other entries you are likely to need are SSH and POP3. For these just replace HTTPS in bold above with the protocol you requre, and amend the description.

a similar problem was killing me a few days ago…. i buy a Dell PowerConnect 2234 and configure pfsense with 3 VLAN for internet conections, nothing work at that moment and after changing the MTU on de VLAN interfaces i got internet traffic again..

ok

if I had 3 wan and some of my client make downlaod from wan1 and he use all band in wan1 can load balance use the others more than wan1 to not let the internet slow ?

http://www.hotlinkfiles.com/files/99466_h4vnm/vlan_setup_part1.swf

http://www.hotlinkfiles.com/files/99465_knuav/vlan_setup_part2.swf

Quick update:

Opt2 is not using the correct gateway, but its totally bypassing captive portal.

To get it to work I had to add a rule that allowed all traffic to reach the interface address, as shown below.
If I disable that rule, then routing to the internet breaks.

Ok so how should I set it up? Is this referred to as a transparent bridge?  Also will it load balance the wan links? I read some older posts that claim load balance and bridge won't work.

Hi,

I got it working the source routing part. All I need was to put a PASS ALL rule on the wan2 interface.
and other thing is I had installed SQUID on the box. Uninstalled it.

Failover seems to be working partialy because when the failed link come back, seems  like its not using that link for traffic.

I will test it out more and inform you guys.

Thanks

Anyone have any ideas as to why I am having the problem?

PS I have fixed the issue with getting to my domains from the inside, thank you

Luc

@kapara:

Subnet A  192.168.1.0/24
Gateway  192.168.1.1

Subnet B  192.168.2.0/24
Gateway  192.168.2.1

Actually, I don't see the show stopper here.

Depending on the amount of traffic you want to push between the subnets you can do this with VLANs on a VLAN capable switch or with separate NICs in your pfSense.
One for each subnet. I'd prefer that if you're not comfortable with VLANs or if there is too much traffic between the two subnets.
With VLANs it has to pass a single NIC which could be saturated.

Configure the interfaces (be it NICs or attached VLANs) with your gateway addresses and set firewall rules per interface approprietly.

@SpaceBass:

From what I understand, pinging and traceroute using anything other than the WAN interface is broken.

Broken is the wrong word.  FreeBSD does not have multi-homing.  We achieve dual wan features by using PF's route-to.  Unfortunately there is no way to use route-to from the host (that we know of) without doing some sort of complicated loopback / nat tricks.

What about VirtualIPs?
I have a similar setup from my ISP. I just set the subnet masking appropriately then added the other IPs as VirtualIPs.
Not sure how that will play out with DHCP, seems kind of strange that they wouldn't give you statics…but you might try.

Thanks for the report!  Ticket opened.
http://cvstrac.pfsense.org/tktview?tn=1548

@KiaN:

I think I must be missing someting.

How can you specify the pool as the gateway ?

In the Firewall rule there is a Gateway option. That allows you to select the WAN ports or the Pools. Select the Pool you have setup

If there is a better solution which is as easy as pfsense to setup meaning no linux/freebsd knowledge I would use it.  I have not been able to find an easy solution.

Thanks

Bump

Still at a complete loss on this one - I've set HTTP/HTTPS to go via WAN2, rebooted, double- and triple-checked rules and rule order, but everything is still going out through WAN1 (even when I explicitly disabled the load-balancers). Anyone have any experience of this?

I'm having what sounds like the same problem. I submitted it as a bug because hours of googling I found others with the same issue. Here's how mine presents:

version 1.2RC3 embedded on Dell PowerEdge 750 on CompactFlash
2 embedded gigabit NICS connected at 100Mbps (WAN and OPT1)
1 3Com PCI NIC (LAN)

Both WAN and OPT1 are set up and connected to different DSL modems on different ISPs. For each I can ping the gateway through Diagnostics|Ping on the corresponding interface.

When I try to set up my first Load Balancing Pool as per the MultiWan1.2 document, only WAN is available in the list of interfaces.

Help!

I failed Italian and Slackware, but you are perhaps trying to configure multiple subnets on your interface?
This thread has some good information on that topic: http://forum.pfsense.org/index.php/topic,6971.0.html

Using Userland-PPP it's pretty simple. I've got a page where I detail how I accomplished it here. Implementing it in pfSense shouldn't be too hard at all. By far the most difficult part will be getting pfSense to use Userland-PPP instead of MPD.