You should watch his other thread.. He cross posted this exact question in multiple places - this one didn't get any traction.

@johnpoz: When you create the IP on the bridged interface.. You would not setup a gateway on it - because then in pfsense eyes it becomes a WAN.. So just setup a gateway on pfsense under system routing.  There you go just like you would do with a downstream router. And again - what your doing is completely pointless.. Is it bridging now?  Then you have solved your problem.. Why do you think pfsense needs to get to the internet if your using it as a really shitty dumb switch that I am for freaking sure took you magnitudes of time and effort vs just buying a switch which yes derelict hit it right on the nose.. Just posting this alone was prob wasted $20 worth that you could of just freaking bought a switch if you needed some extra ports… Where in your original post did you mention anything about 10Ge or even in your 2nd post after I asked for the purpose even?  If you would of mentioned that your trying to leverage a spare box as soft 10Ge switch I wouldn't thought you the typical user asking how can I use that spare port in my router as a switch port.. Thanks - yes, it's working fine now. It took about 5 minutes from installing to having the bridge working nicely. The issue was that pfSense itself couldn't check for updates or packages (I use the "Notes" package to track things relates to the router), which is the only thing a gateway is needed for. I don't like to leave things half working, so I asked. It turned out that the setting "Use this interface as the default gateway" had to be manually checked in advanced config, that was all. Besides that, I'm sorry that you posted insults when they're unnecessary. I asked if we could restart without upset and you didn't take the hint. You assume it took ages and cussing ("a really shitty dumb switch that I am for freaking sure took you magnitudes of time"); it took about 5 minutes to get the switch up and running - it was just routing the management IP that was the issue. You don't read posts before flaming (" prob wasted $20 worth that you could of just freaking bought a switch"); if you can find any working 8+ port 10G SFP+ switch new or second hand on sale publicly anywhere in the world for under $20 I will personally donate the $20 to any charity you name and post the receipt here. The mention of 10G was completely irrelevant to the question of how to set up routing/gateway for a bridge IP. It would be the same config needed whatever the NICs were (KISS principle).  Your last sentence basically says it all: "If I knew you were doing it for that reason I wouldn't have made unjustified assumptions about your competence and acted like a troll"…. which you shouldn't do anyhow, of anyone, to anyone.

I think I figured this one out! My dang syslog was logging to a remote site over a tunnel, and the tunnel was flaky at random times so the syslogd was filling up the tcp buffer. I'll report back if it's stable for multiple days.

I found that  failover  shift to default gateway after 10 minutes. i am not able to reduce this time period.

100.100.. why would you this.. Is your router doing address translation across its interfaces when addresses are identical on two different interfaces? So 10.129 is that suppose to represent your public address? So your routing 192.168.101 it itself the router on the left?  The route on that router on the left to get to 192.168.101 would be to pfsense wan IP 100.100.129.10 So you setup your router on the left to nat this 192.168.101 network?  If not not going to work.  What would be the point of natting your 192.168.105 network to your 100.100.129 network??  And then to nat it again??

Is it possible to do a load balancing scenario with 4 WAN connections and failover? Yes. I see some people saying they are not able to do load balancing and failover with more than 2 WAN connection The only limit is that there are only 5 tiers so such configurations can only go 5 levels deep. pfSense Doc´s Multiwan

Rules are evaluated top down, first rule to fire wins,  no other rules are evaluated. Your say rule 1 is any any.. Well if that was the case and rule 1 was on top then rule 2 would never be seen. For lan and wlan to talk to each other you need to allow this traffic before you shove traffic down your pia gateway - your pia gateway doesn't have a clue to how to get to your wlan ;) top rule allow what you want between wan and wlan, could be any any with source of lan and dest of wlan Then next rule would be shove it out the pia gateway for what you want to go down that way.

Where is your smart switch?  Kind of hard to create multiple network segments with no smart switch, or atleast multiple physical switches. How many nics does the esxi server have?  Are you going to continue to use your isp gateway for wifi? You do understand that your vms do not have to be given access to your network at all.. Do they need internet?

It seems like Sticky Connections fixed the problem. Thanks.

I still have problem with this issue. I have two interfaces for multiWAN with two gateways: Interface wan Gateway for VDSL   Interface opt1 Gateway for LTE I can not uncheck "Default Gateway This will select the above gateway as the default gateway" on System>Routing>Gateways. I can only change default from one gateway to the other gateway. There is always a gateway selected as default. I think this influences traffic flow. Default gateway has significantly more traffic than non-default. I would like to have 50/50. Each gateways takes half load. In "System>Routing>Gateway Groups" is group "LoadBalancing". Both gateways in this group have same tier 1. Weight for both gateways is "1". I think since some updates ago there is now always a default gway. This wasn't before. Must there be a "default gateway" in multiWAN? Why? How to change this? Rgds AW

@jahonix: On which VLANs does that happen? i don't know, that a maybe can get discovered with wireshark. butt i can't have any vlan switching apart from one switch.  or i gonna need to buy a few new switches. @5E: Just bridge the lan with the wan port not an option i need the router (dhcp/NAT) function from the pfsense, i have a separate dns server running. i used to have a linksys router (cisco time) and then i had 1 lan port in bridge to the wan, butt that's not possible anymore. i got a tip for using a static dhcp for that mac address, and then a custom firewall rule, maybe is that an option. my network setup modem only -> pfSense -> unmanaged switch (8 ports) -> 3 pc's, 1 printer, 2 digicorders                                             |-> lite managed switch (24 ports) -> servers                                                           |-> unmanaged switch (16 ports)-> 2 pc's, printer, digicorder, ps3

This is working now! I needed to add mssfix 1300 to both ends of the ovpn tunnel, and i forgot to put a default GW for the secondary internet connection the ovpn tunnel was running over. I am able to tracert from "8.8.8.5" with gw 8.8.8.1 at SiteA and it goes through the ovpn tunnel and out the WAN at SiteB. great success thanks for all the help.

Hi, Did you ever found a solution? i'm in a similar situation. But no change to keep the digicorder before the pfsense. There are 2 mac address 1 for the internal network 192.168.x.x and 1 for the telenet 10.x.x.x But i don't know how to filter on only mac for passing through those packets. If it's even possible. Greetz Tiniduske

What works very good what you stated what you had /29 that you were connected too - no networks routed to you from your statements.

@jahonix: Basically you made Opt another WAN. What's up with your WAN on re0, why don't you use that? Its Correct, but I have 4 internet connection all via router(one in bridge mode) and all router connect to unmanaged switch, now to route through bridge router, I have to define gateway on WAN, and PPPoe over WAN, so I did that way if you or any one have other idea, please share, Always ready to learn new things Pardon my delay reply

I'm trying to do something sort of similar. Ill post a new topic maybe itll help.

Ah well if you have a L3 switch (router) downstream then pfsense should be connected to this router (L3 switch doing rouing) via a transit network.. Otherwise your going to have all kinds of asymmetrical issues.  BTW you didn't list your downstream router in your drawing and still use of /32 on your interface is going to be an issue as well.  You would want to use the correct mask for whatever your transit is - common would be say a /30 Then your also going to have to make sure your rules on your transit interface allow for the downstream networks, and you're also going to have to make sure your outbound nat is setup to nat the downstream networks. This has been coming up a bit lately.. If I find the time I will put together a wiki article on setting up downstream routers.. I thought I just did a thread about this.. Let look if I can find it. edit: Here is the one of the threads where went over the problem asymmetrical, and talked about downstream.. there have been others but I found this one first https://forum.pfsense.org/index.php?topic=105825.15 Derelict put together a nice drawing even in that thread. [image: index.php?action=dlattach;topic=105825.0;attach=75014;image]