I have the same issue, did you manage to get it working?

@viragomann:

To solve, add an additional rule for VPN traffic (put all LANs in an alias and use this as destination in the allow rule) without the gateway option and put it to the top of the rule set.

That worked. Thanks!

After reading several other posts.  It looks like PF Sense doesn't support what I'm looking for.  Bummer.

dude if you need ports, and you want to create new networks - get a managed switch.. They are $30 for a 8 port gig smart switch..

Yes for pfsense you can get by with just the 1 lan side port with vlans on top of it.

We tried several of those (member down vs. Packet Loss/High Latency) with no improvement.
Generally I'm unsure how this setting applies as we're not looking for failover, but loadbalancing.

Any other ideas?

Well are you seeing your discover go out with the tag?  Are you not getting back a offer?  Then contact your ISP.

I would break it up with a smart switch vs having pfsense do it, since not sure what you think pfsense is going to do with IPTV vlan?  See drawing added to previous post

hi there Derelict!!
Thanks for your advice!! I will give that a try now :)
thanks for your help! I will let you know how it goes :)
Gazzzman

You should watch his other thread.. He cross posted this exact question in multiple places - this one didn't get any traction.

@johnpoz:

When you create the IP on the bridged interface.. You would not setup a gateway on it - because then in pfsense eyes it becomes a WAN..

So just setup a gateway on pfsense under system routing.  There you go just like you would do with a downstream router.

And again - what your doing is completely pointless.. Is it bridging now?  Then you have solved your problem.. Why do you think pfsense needs to get to the internet if your using it as a really shitty dumb switch that I am for freaking sure took you magnitudes of time and effort vs just buying a switch which yes derelict hit it right on the nose.. Just posting this alone was prob wasted $20 worth that you could of just freaking bought a switch if you needed some extra ports…

Where in your original post did you mention anything about 10Ge or even in your 2nd post after I asked for the purpose even?  If you would of mentioned that your trying to leverage a spare box as soft 10Ge switch I wouldn't thought you the typical user asking how can I use that spare port in my router as a switch port..

Thanks - yes, it's working fine now. It took about 5 minutes from installing to having the bridge working nicely. The issue was that pfSense itself couldn't check for updates or packages (I use the "Notes" package to track things relates to the router), which is the only thing a gateway is needed for. I don't like to leave things half working, so I asked. It turned out that the setting "Use this interface as the default gateway" had to be manually checked in advanced config, that was all.

Besides that, I'm sorry that you posted insults when they're unnecessary. I asked if we could restart without upset and you didn't take the hint. You assume it took ages and cussing ("a really shitty dumb switch that I am for freaking sure took you magnitudes of time"); it took about 5 minutes to get the switch up and running - it was just routing the management IP that was the issue. You don't read posts before flaming (" prob wasted $20 worth that you could of just freaking bought a switch"); if you can find any working 8+ port 10G SFP+ switch new or second hand on sale publicly anywhere in the world for under $20 I will personally donate the $20 to any charity you name and post the receipt here. The mention of 10G was completely irrelevant to the question of how to set up routing/gateway for a bridge IP. It would be the same config needed whatever the NICs were (KISS principle).  Your last sentence basically says it all: "If I knew you were doing it for that reason I wouldn't have made unjustified assumptions about your competence and acted like a troll"…. which you shouldn't do anyhow, of anyone, to anyone.

I think I figured this one out!

My dang syslog was logging to a remote site over a tunnel, and the tunnel was flaky at random times so the syslogd was filling up the tcp buffer.

I'll report back if it's stable for multiple days.

I found that  failover  shift to default gateway after 10 minutes. i am not able to reduce this time period.

100.100.. why would you this.. Is your router doing address translation across its interfaces when addresses are identical on two different interfaces?

So 10.129 is that suppose to represent your public address?

So your routing 192.168.101 it itself the router on the left?  The route on that router on the left to get to 192.168.101 would be to pfsense wan IP 100.100.129.10

So you setup your router on the left to nat this 192.168.101 network?  If not not going to work.  What would be the point of natting your 192.168.105 network to your 100.100.129 network??  And then to nat it again??

Is it possible to do a load balancing scenario with 4 WAN connections and failover?

Yes.

I see some people saying they are not able to do load balancing and failover with more than 2 WAN connection

The only limit is that there are only 5 tiers so such configurations can only go 5 levels deep.
pfSense Doc´s Multiwan

Rules are evaluated top down, first rule to fire wins,  no other rules are evaluated.

Your say rule 1 is any any.. Well if that was the case and rule 1 was on top then rule 2 would never be seen.

For lan and wlan to talk to each other you need to allow this traffic before you shove traffic down your pia gateway - your pia gateway doesn't have a clue to how to get to your wlan ;)

top rule allow what you want between wan and wlan, could be any any with source of lan and dest of wlan

Then next rule would be shove it out the pia gateway for what you want to go down that way.

Where is your smart switch?  Kind of hard to create multiple network segments with no smart switch, or atleast multiple physical switches.

How many nics does the esxi server have?  Are you going to continue to use your isp gateway for wifi?

You do understand that your vms do not have to be given access to your network at all.. Do they need internet?