@Derelict @jimp thanks for that feedback. I'll will try as you suggest and report back. I had another conversation with a friend last night and came up with 3 other possible solutions as well. Ask the ISP for addresses in the same block with the same gateway(preferably in our original address space). I asked this yesterday day and waiting for a response. This is as @Derelict said. If the above isn't possible, can they tag the new gateway and I could at a vlan sub interface on the wan. Not sure this is possible in pfsense as I haven't had time to investigate. Add a dumb switch in front of my firewall and split their connection into 2 connections and use another interface on my box for the new gateway and ip's. While senerio 1 is the most desirable, anyone see problems with 2 or 3? We've had our public IP for over 10 years and while I could just get a block of them all together we would like to keep our existing. That being said since our existing is a 173 in a 24 block and the new ones are 208 in a 24 block is oblivious that our ISP is trying to conserve IP's by using 24's and not splitting the blocks up into smaller 28,29 or 30's. Why make 30'and limit the customers they can handle to 64 instead of 254... So I'm thinking or primary IP block is probably full which makes me think I'll be looking to solution 2, 3 or the above as jimp stated. And the no particular reason we would like to keep our existing IP, other than we've had it a long time...

Do you mean a HA setup with primary/secondary firewalls, or just a dual WAN configuration? If you mean a dual WAN, your question has two parts- You could add a rule to policy route 2.2.2.0/24 via the Failover connection gateway. If you have the primary on tier 1, and the secondary on tier 2, it will only use the secondary when the primary is down. Or I may have misunderstood. Please add more details. Maybe a diagram.

Me and my family are around 6 members with heavy usage. With all their devices connected one of the wans shows 0-3KB/s constantly while only one wan is being used to full. Maybe it's the same gateway issue, I'll try and repost here. As for MLPPP I think they do. Also The videos on youtube show that you can get combined speeds on speedtest and some people I asked say you can and some say you can't, it's conflicted opinions. As for things like steam and IDM that use multi threaded downloads to same server you should get combined speed.

Thank you Steve I found this Youtube video: https://www.youtube.com/watch?v=CXFzDfxa0mg non-English but very good demonstration of the same idea I already built it all in HW (no VirtualBox) : my home router allows me to set different subnets on each LAN port. So I just built a test pfsense box with 3 interfaces and hooked LAN side to the rest of my home network. That way I got a "Dual-WAN" setup Everything work fine: I'm able to test Policy routing and manual NAT rules. [image: 1534116425341-dual-wan-simulation-resized.png]

Thanks - that makes sense and helps me plan upgrades

I understood. However the recent setup was a static NAT translation to the private IP on the three devices on the LAN with ACL controls. Ideally we'd have a different setup and we'll certainly be changing the network topology (and reconfiguring the affected servers) in the future, but we just needed to quickly replicate the existing router setup to meet immediate needs and address the sanity of the network design as time goes on. The Cisco could not support our new 1G fiber connection and the XG-7100 handles it with ease. Sure, it's not the best setup. But it's working.

why would you want that? What is the win10pc going to do with such traffic? Just to go back out the internet on same interface to get to abc.com?

I would for sure get the details of what device they are going to put in to provide this connectivity... Or its just like wifi router marketing hype... You know the ones that say N300, but only have 10/100 interface.. And your like where exactly does the 300 come in? ;) Or how they currently add up the 2.4 and 5ghz bands to give you some number like 1200 or 1750.. All marketing nonsense.. No client can use that together so you should clearly label with the 2.4 can do PHY and what the 5 can do PHY.. And if you were going to be really honest - what can the user actually expect in real world speeds because users do not understand what PHY is.. Sure are system can do 1.5 but we only have a 1ge physical interface for you to connect too -- DOH!!!

@viragomann Thank you! Oops my bad. I am able to add multiple gateways to the same interface now. Guess I must have made some silly mistake earlier when I tried the same thing and got an error. I don't understand what you meant by "You will get asymmetric routing issues with that.". But it seems to be working now. Thank you once again.

Can I use the 2.3 XML config file if I upgrade to 2.4?

dns has nothing to do with ports.. If the server your trying to connect to is using a different port then the correct way would be in your ssh conf for this host.. Even if you were going to do some odd ball vip thing with nat your vip would be on the same network as the interface ie your 192.168.188 or your client would send that to its gateway IP since it would be off network. The correct solution to your problem is to just use your ssh conf for easy access to servers.. You can put all the info you need right in this file.. Nothing would have to be done on pfsense, and you can take that file with you no matter where you go, etc. example here is config I put in for a box uc.local.lan host client hostname uc.local.lan IdentitiesOnly yes user user IdentityFile /home/username/.ssh/id_ed25519 [image: 1533825819745-config.png] that is exactly what you are trying to do - and takes all of 30 seconds to setup and cvan put in all the info you would need to make connection simple and easy. Here this will help https://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/

I was trying to get things like DLNA auto discovery working across subnets, but gave up and went the lazy route with a bridge instead which solved the problem. Thanks.

I was using the gateway for awhile, but felt it was giving me poor results, so I switched to 9.9.9.9, but started getting some issues with that, now I'm on 8.8.4.4, so far so good the only reason I care is because it was causing my gateway group to flap, which kept reconnecting my VPN tunnels over the cellular backup

Who is your ISP? do you have your modem bridged? DSL, Cable or Fiber? More information on your network setup would be more helpful. If you are using DHCP for instance, I presume you're getting the IP from the modem and not the ISP, I also presume the modem is not bridged... but saying all that, I could be completely wrong.

i have same problem thank

Ah my misread then - thanks for the clarification.. My bad