Yeah, the VLANs on the consumer stuff failed hardcore with what I wanted. So basically what I'm trying to do is this: the different networks are physically separated. In other words, the AP for the home network runs just that network, and the AP for the guest network runs only that network. So lets say the home network would be LAN1 - all the APs and switches connected to this are only for the home network, which means full access to everything on this network as well as to WAN and OPT1 which is connected to the guest AP which runs only 1 SSID for the guest network and has no other physical connections, it also needs to connect to WAN But I don't want LAN1 to be able to talk to OPT1 at all.

The reason is, if i would just connect it with switch, they would randomly get IP from the dhcpd on the left, and that would make them use internet connection from there. I would like to avoid that. Right now lease time is 24 hours. But i want it to be working when error occurs even, if i will be away for a month and something will get broken.

Thank you! It works.

@johnpoz: Derelict – I said the same freaking thing before him ;) "If the boxes are pointing to pfsense as their gateway" My bad that I let the technician configured the boxes and did not check them thoroughly as the location of the boxes are too far apart from the control room … SORRY!

Hey Phatsa, Did you figure out the configuration? We would like to do something similar – slightly different reason. We want to have two companies on one ISP connection and one pfSense box that will do traffic shaping.

Since your WAN interface is in a private network range, check if you have deactivated the "Block private networks" option in the WAN interface settings?

Thank's a lot! Your advice has resolved my problem.

" Hardly "moronic" to want to avoid that." Sorry but yeah… If you want HA then setup carp.. With you using each dept with their own ISP.. They all still have a single point of failure.. Your not leveraging the different connections for any sort of failover or ha setup.. You currently are using CARP with HA setup..  What the OP is asking for is stupid.. doesn't even have a smart switch, etc.

Turns out everything was working. The other side detected multiple connections from the same account and did not like it.

You may route this on pfSense to the client 10.10.10.80, but this route will be applied to any connection passing pfSense, also upstream from LAN hosts. In addition if 10.10.10.80 isn't a router itself with a public WAN address you either will need a route for 10.10.10.22 at the other side or do source NAT at the client for this connection.

"I pay for a 150mbps connection but only get 30-50mbps" So your saying wired to the powerline adapters you only see 50mbps.. But if wired to pfsense directly or with normal switch you see your full bandwidth?  Or when connected to the modem you see full but pfsense is downstream of your modem via powerline?  Can you draw up the constraints your working with..  Why exactly can you not run a wire from the modem to the rest of your network?  What powerline adapters are you currently using.. They are not all created equal that is for sure.. "buy a new wireless USB" Usb is just going to be crap.. I wouldn't even consider this as an option.. "use LAGG or some other combination of wireless and wired to combine the interfaces for speed" Not sure where you get the idea that lagg will give you more speed?  1+1 = 1+1 it does not = 2 in lagg.. So while you could load share across the lag.  A single client is not going to see any sort of speed increase.

here is what rule i have for the Opt1 its named wireless AP [image: 1.png] [image: 1.png_thumb]

Noted. Best regards Kostas

^ true anyone wanting to bridge interfaces to be on the same layer 2.. Only needs a dumb switch to take on that role.