One odd thing I've just encountered, is that WAN 2 (OPT 1) is not able to connect to FTP servers.
I always get a "time out". I'm using Firefox web browser to view these FTP servers.

I tried FreeBSD, OpenBSD, Slackware, Debian, etc sites. (Official download link and various mirrors
around the world for each project). All "time out".

To make sure it isn't my connection, I connected a M0n0Wall box to it, and I was able to access FTP!
I double checked by using a Linksys WRT54G router (with third-party Linux firmware installed), and had
no problems with FTP.

I've tried enabling and disabling FTP-Helper. As well, I've opened up ports and such…It did nothing, as
I would still get "time outs". (I've sent all logs via Syslog to a PC on the LAN side, but I don't see any
pf rules blocking FTP connections).

Do any of you folks get the same problem?

This is specific to pfSense's policy routing approach.
(As discussed in Dan's Tutorial, see tutorial section)

Can's or Benefits

Manually assign which service/server or PC goes to which ISP. Manual failover. (As in if one ISP fails, you manually re-assign your LAN PCs) Consolidate multiple routers into one box. (Save space and electricity) Manually distribute the users on the LAN side to available WANs. Simpler to implement in complex situations (especially with VPN connections, etc).

Cannot or Disadvantages

See ZGamer's comment.

I played with it and found a simple solution.  I added a script to /usr/local/etc/rc.d named lan_alias.sh, did chmod to 755 on the script, and rebooted.

Script contents:
#!/bin/sh

case "$1" in
start)
      ifconfig em0 inet x.x.118.1 netmask 255.255.254.0 alias
      ifconfig em0 inet x.x.116.1 netmask 255.255.254.0 alias
      ;;
stop)
      ;;
esac

Indeed, good work Dan!

I'm testing your guide with two Cable (10Mbit) ISP connections here in Australia.

fxp0 => LAN
fxp1 => WAN
fxp2 => OPT1 (re-designated as WAN2)

WAN => Telstra Cable (due to bpalogin being needed)
WAN2 => Optus Cable

WAN and WAN2 are using DHCP.
(Telstra needs bpalogin to make the connection workable,
but really uses DHCP to get IP address, DNS info, etc).

LAN is using Static IP as I want to manual specify which
PC connects to which ISP.

I guess the only tricky part is that you must be specific
with the firewall rules!

I'm thinking about doing a complete detailed guide for
Aussie newbie users. (It should still apply for anyone with
two or more DHCP WAN connections)

Should I title it : "Consolidating Multiple ISP connections with pfSense" ???

@charles.regan:

ok thanks.

I did find an answer for my first question. Can CARP do load balancing in my setup?

You can do ARP balancing but I am not sure how well it works (never tested).

sure, just a basic setup wiht some introduction what is needed, maybe a small visio drawing.  :)

Hi All,

I have a fairly similar PF configuration, 2 x WAN and 1 LAN (Opt2 spare). I have so far not successfully been able to configure PF to route to WAN1 and WAN2. I have 2 Static IP's accounts for DSL, 2 Routers configured to Authenticate and both are active and data passing at each router. I can swap the routers to the WAN1 NIC and change the gateway IP and the default gateway works fine. But I have been unable to successfully set the NAT and Rules so that depending on the originating IP of a LAN PC to route to the nominated gateway.

I can ping the WAN2 IP from a Lan PC, but not the Router IP or the Static IP on that account, while WAN1 works perfectly. Obviously I have a setting issue somewhere with either or both NAT, Firewall rules. I have tried following the info regarding Dual WANS, but I have had no success at this stage. I have no intention of LoadBalancing the DSL accounts, but both active all the time.

Ultimately I would like to set up a Policy to route individual IP addresses/range to either WAN1 or WAN2, depending on how much traffic and downloads each individual uses. (1 DSL has small Download limit and the other has High Download limit, both 1.5/256, best we can get and it took 3.5 years to get this). But I am not sure which is the most successfuly way to configure this option.

Are there any plans at some point to work into PF or a download with particular configuration templates as a base to setup PF, as this would most likely save much time trying to troubleshoot many different configuration types.

Thanks for your assistance.

OK, that's what I thought but any of the actual build is currently supporting monitoring to start testing ??
The final milestone is near ….
:P

Gabriel

You need the following routes:

at Router A:
Interface LAN; subnet 192.168.4.0/24; Gateway 192.168.3.1
Interface LAN; subnet 192.168.2.0/24; Gateway 192.168.3.1

Router pfSense:
Interface LAN; subnet 192.168.4.0/24; Gateway 192.168.1.1
Interface LAN; subnet 192.168.2.0/24; Gateway 192.168.1.1

Router B doesn't need any routes as the default GW of this one is Router A

btw, why is there a GW at your OPT1 at Router B? You only need this if this is an additional WAN and besides that the gateway isn't in the range of the OPT1-subnet. This doesn't make sense. Delete the gateway there  ;D

by the way, i forgot to mention that this is not a office network, but 500 apartments and groving, that are sharing the same internet connection, together with cheap telephone, and cheap tv here in denmark

when we began to make this network, be did a lot of thinking about the structure before we implemented it, and i think today, we are happy with our subnetting, cause we get bigger and bigger with more apartments all the time, so its nice to have done things the right way from scratch.

anyway thanks for the replyes

sincerely
Carsten
www.sundbynet.dk

Here is how I would do it:

settings at your pfsense:

make rl0 WAN with static config using the LAN IP of your DSL router as gateway

make ral0 LAN

enable DHCP Server at LAN and configure it correctly

enable "advanced outbound nat" at firewall>nat>outbound and delete all rules after you enabled and saved (this way you are routing and don'T NAT any more)

create a rule at WAN to allow access from your dslrouters LAN-subnet

if you want to shut down access for the wifi hosts of your pfsense to your dsl-routers LAN subnet add a rule to block access from source any to destination dsl-routers lansubnet at the lan tab of the pfsense. place this rule above the "default lan to any" rule.

settings at the dsl-router:

add a static route for the wifi subnet of the pfsense with gateway wan ip of your pfsense

Thank you very much for answering my questions billm.  I'll try sticking 2 routers inbetween the modems and the pfsense box.  I'll let you know how everything works out.   ;D

I disable ftp helper but it didnt work properly, the work around I did was to only load balance my 80 and my 119 everything else through one of the wans.