Well u were right obviously. I've managed to make it work after all, doing it he hard way by restoring factory defaults and rebuilding everything from scratch. It must have been something conflicting from the all the changes I did to the configuration by trying to make it work using PPoE on all three DSL modems, which I understand does not play well with load balancing.

Thanx,

Vassilis

Are you doing the ping from pfSense to outside (e.g. Google)?
It's important because the firewall rules (policy routing) don't apply to traffic from firewall. For that situation you should enable the gateway switching (according to  System > Advanced > Miscellaneous)

If you're trying the ping from the PC, you must look over the outbound NAT settings, to be sure the traffic from LAN is translated to the secondary WAN IP.

Ntopng

It looks like bug 7719 which is fixed in 2.4.0 looks like it finally solves Dynamic DNS. It looks like it was an issue with gateway groups.

https://redmine.pfsense.org/issues/7719

I will be testing as soon as 2.4.0 is released and I'll report my findings!

@johnpoz:

In single mode your not pointing towards a gateway…  Or the only gateway you can to go is where your trying to go..

If you were load balancing, and it tried to go out the wan2 wan when your trying to talk to wan1 then not going to work is it ;)

Perfect, thank you. Appreciate the help!

More than happy to throw my advice at you, if there was an actual drawing of your network with enough details so wouldn't be guessing.  For example you mention hsrp - no where previous did that come up..

So your 3560 is actually a stack?  Are you going to run a lag to this stack so you have 1 physical connection to each switch in the stack.  Is there some other switch between pfsense and that?  Are you going to run pfsense in a carp setup?

If you would draw out your current network with enough details, then could make suggestions on what I would change, etc..

"so i could have 192.168.7.0/24 and X.X.X.48/29 on the lan side "

Not sure where your coming up with the 192.168.7 but sure you could use that on our local lan side along with your x.x.x.48/29 just on on the same network.. So 192.168.7 could be your lan, and .48/29 could be on an opt or a vlan..

First, it's time to upgrade your pfSense! 2.2.6 is pretty old, and one of the best things to come in 2.3+ was that apinger (gateway monitoring daemon) was replaced by dpinger – which is infinitely more reliable. Anyone who's been using pfSense for more than a couple of years will remember with much angst the nightmare of wrestling with apinger.

Once you've done that, I highly suggest you read https://doc.pfsense.org/index.php/Multi-WAN#Optional_Tweaks and experiment with the latency & loss thresholds.

The messages about IPSEC/OpenVPN/Dyndns are not important and do not indicate any problem. They are just basically debug messages from code paths that, in your case, are not being hit.

Good luck. If you need more specific help feel free to come back and ask.

Not quite enough info there to help you… can you post a screenshot of the rules on your LAN interface?

Rules are processed in order from top to bottom, so make sure you put any policy-based routing rules ABOVE your last "default" rule otherwise it will never get hit...

Generally, make sure you leave "source port" blank - 99% of the time source ports are random and you should only be concerned w/ Dest. port.

Did you change anything on the Firewall > NAT > Outbound page? (you should leave that on 'Automatic' until you understand it fully)

"can you explain from where the gateway 192.168.9.253 and 192.168.2.253 comes from"

As I told you already - those were my wan_dhcp gateways in the downstream pf1 and 2 I setup.. That is just my internet in my setup to mimic yours.  Here is a drawing..

"Both firewall communicate each other but can not access Internet."

Who can not access internet, can your 2 networks talk to each other? 192.168.0 and 192.168.10?  Did you mess with outbound nat?  When you create your downstream route it should automatic create your outbound nat for you.

Your going to have to post your setup if you want me to spot what your doing wrong.  How is it showing online when shows NO interface or connection just "NONE"  How does your wan have a 0.0ms response time??

setupsimyoursetup.png
setupsimyoursetup.png_thumb

Policy routing Will do that. (specifying a gateway on a fwrule)

Sorry for the belated reply.

The answer is not specific and definitive.
It appears that FreeBSD is more stringent on the rules it will accept for routing than is NanoBSD.

Look at the way your routes and gateways function.

Well static lags generally only detect link up/down AFAIK.

Then you have more modern stuff like LACP. its a bit more intelligent:
https://www.thomas-krenn.com/en/wiki/Link_Aggregation_and_LACP_basics

When multiple switches are involved you probably want STP (or brandspecific alternative)
https://en.m.wikipedia.org/wiki/Spanning_Tree_Protocol

pfSense Multi-WAN does not care if they are VLANs or physical interfaces. It works the same way.

:-[ Unfortunately I had another one today, 8 out of the 12 processors where going berserk on the interrupts, while there was only 20Mb/s and between 2000 and 5000 pps.