Add a pass rule on top of your loadbalance rule with default gateway for the dmz subnet. It has to be excluded from loadbalancing.

You need a second parallel tunnel for this as the traffic you want to send through doesn't match the tunneldefinition you already have. Add 2 identifiers at both ends to be used for this (as the tunnels will run between the same public IPs as endpoints). The second Tunnel should have the definition for 192.168.1.0/24 <-> 10.10.11.0/24.
Another (maybe in this scenario easier) solution is to change the subnetmask at the one end to 10.10.0.0/16. In both cases you need a static route at the pfSense located in the 10.10.9.0/24 subnet to the gateway to 10.10.11.0/24 subnet.

It's simple roundrobin of new connections. This way even a single client can utilize the full bandwidth of multiple WANs with multiple connections. You can't use weights for to make the WANs be used 2:1 for example. Different WAN bandwidth is no issue though. I have a loadbalancing setup at the office of 2 WANs, 2 mbit/s SDSL and 6000/640kbit/s ADSL.

Please see http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing and  http://doc.pfsense.org/contrib/PFSENSE-LoadBalance-FailOver-V3.pdf how to set up policybased routing/loadbalancing.

Please post your firewallrules. There must be something missconfigured.

Thanks for all the help, I do appreciate it.

I decided to yank the nic & put in a 2nd switch. Figured $15 is better than spending anymore time on it, specially since I pretty much suck at anything dealing with the command line.

I doubt that can be easily done with 1:1 NAT (first match wins and that is the match for WAN). You probably need portforwards from WAN to the internal servers and from WAN1 to the internal servers. In this case the state will handle which connection is used for the answer.

Yes, you can do this, add the ip's to a alias, and make a rule that has destination to that alias –> route to wan1 or wan 2 respectively.

Problem solver  ;D

The problem was in the MT box afther the pfsense box.

@vkeven:

After reading some documentation about openbsd i think that te problem is because PfSense does'nt implement the "REPLY-TO"

Read This

http://www.openbsd.org/faq/pf/pools.html

OpenBSD Doc are really done well!!!!

I switched from OpenBsd to Pfsense because I really love the web interface but I think that the command line will never be replace by a GUI , OpenBSD i'm back home!

This issue has nothing to do with reply-to or whether we use it or not (we do).  It has more to do with how we detect the gateways to auto-create the reply-to.  I'm confident that we ignore duplicate gateways.  I expect some day I'll change that code, but I'm sure that's what's biting you.  If you can insert a layer 3 device between WAN2 (binat if you need to) and the duplicate gateway, your problem will likely go away.

–Bill

Those are broadcasts that don't leave the local subnet (think what would happen if the broadcasts would leave their subnet; poor internet!). You would have to setup some kind of central server all your clients log on to find each other. Don't know if this is possible for your application but in case the application is designed for anything larger than single LANs there should be an option.

"I wouldn't think so but you need to make sure that ALL traffic for the game, etc is going out wan #2 via policy based routing."

The 2 wans will be on separate subnets. I was concerned more with the performance of the actual PC e.g downloading at 10 meg and still being able to service the othter wan without lagging the connection.

thanks for the reply

I'm not sure what you want to do with that setup but bridging LAN to WAN might be an option (pfSense will then only have one IP-Adress that you need for administration).

Ok, that is most likely my problem then. I used the IP address for Google as the monitoring IP for both. I'll change that when I get home from work and see how it goes.

Thanks!
-Alex

Solved using this procedure:

1-Leave DNS forwarder enabled.
2-Place DNS in  Services->DHCP server for OPT1. This allows correct host name resolving
3-NOT allow DHCP on wan to override DNS set in System General Setup.
4-Add a rule to allow acces from OPT1 to 15.0.0.1 (OPT1 interface webconfigurator) with Gateway set to default instead of Loadbalancer.

Thanks

Haha, guess it was easier to handle than the cisco as you didn't even need a guide to set it up  ;D

You have to add a firewallrule with default gateway for all the vpn destination networks on dual WAN/loadbalanced pfSense or the loadbalancer/multiwan will send traffic directly to the WAN gateways bypassing the internal routingtable. I have the same setup at the office and it'S working fine when these rules are in place. You should move them to the top of your lan rules.

As I said, this is not yet implemented. Patches accepted.

This is a faq. Only connections running THROUGH the pfsense can be balanced. For everything running at the pfSense itself the default gateway is the WAN gateway. So squid can't make use of any gateway other than WAN unless your squid runs on another box inside your LAN.

That project is no longer active.  We took over SLBD code in our tree about a year ago.

http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/pfPorts/slbd/