Seems your isp doesn't like it.. Or maybe google doesn't like it from where your coming from?  Or network between you and google and opendns doesn't like it and drops it.  Maybe there are network problems currently between you and them and those packets are being dropped because of min effect on overall traffic, etc.

Could be many reasons for it.  Hard to say where the issue is since you do not have control over the other side.. You could try sending zero sized icmp to somewhere you have control over and see if they get there.  If they do and answer then you can rule out your ISP blocking/dropping them.

How good is your isp, maybe you can open a ticket with them about it and they can provide some insight?

when putting multiple gateways in a group with the same TIER they will balance. When one of the gateways goes down, it'll continue to work over the remaining gateways.

you seem to be misunderstanding how policy routing works.
as you can see in your screenshot of your LAN rules: only the MULTIWAN-rule is being triggered,  the ones below are useless.
rules are processed top–>down, first match wins.

https://doc.pfsense.org/index.php/Troubleshoot_Outbound_Load_Balancing_Issues

If it's just one client, load balance all traffic from that client.

Put the Mikrotik in bridged mode only.  I have one downstream from my pfSense router and it's set up that way and works fine.  pfSense does the DHCP, DNS, NAT, etc.

I can say, that pfctl -i igb0 -k 192.168.65.0/24 is not working (not killing any states), if igb0 has ip not from 192.168.65.0/24 subnet.
If it is WAN nic, it will have its own connections established as NAT states.

There is several ways to solve that issue, but its stilll in test.

I figured it out. Thanks for all your help everyone  ;).

If you want to know what was wrong or what I did send me a message.

@Derelict:

Outbound NAT rules do not "point anything" anywhere. They do not route traffic.

They determine what happens to the source address and port when traffic is already routed out that interface by the routing table, policy routing, etc. As in, "If the traffic source matches this, translate the source address and port like this on the way out this interface."

If you are in manual outbound NAT mode it means just that: manual. You have to create all outbound NAT rules. Creating an interface will do nothing there.

When going from auto NAt to manual Nat pfsense created all rules for me to see.  I'm just saying that after creating two new WAN interfaces and doing Auto NAT -> Manual Nat again, the new interfaces are not showing up automatically like all others did.

I don't know if it is a bug, or if they do exist and by creating them manually I will be duplicating them because they simply are not visible (but exist)

But thanks, you explained what I needed to know :)

Ok thanks

Son of a B. With the /24 this actually works.  No additional gateways.

1. Add virtual ip with /24
2. Add fw-rule src any, dst new.ip.add.ress type icmp/ping

Test from the internet, you get an answer.

Also tested to add the ip as a HAProxy ip, that works as well (need another fw-rule though).

states don't get killed when the main gets back online. new states should/will

You have a single network interface (LAN), with both gateways in the same network, accessible via the same interface. This does not do what you intend.

For multi-wan you would expect multiple WAN interfaces and a seperate LAN interface like so:

WAN1 X.X.X.1/28 gateway X.X.X.2 WAN2 Y.Y.Y.1/28 gateway Y.Y.Y.2 LAN 192.168.253.1/24

@DigitalDick:

Hi,

Thanks for replying. All devices are on the lan, so I'm using 192.168.1.13 to try to rdp to 192.168.1.11. Before I had PFSense installed I could RDP with no issues. Only mod I have made is a NAT rule to allow Plex out to the internet so its not heavily tweaked yet.

Thanks,
Rich

So given I have made no changes, I took on board what you said….and I don't want to talk about it anymore, OK ! ! :(

I thought id teamviewer on to said machine, turn off firewall and well hello, I could RDP, so made the chnges in the firewall on the remote machine and turned the firewall back on and all is good. Thank you sir !

I'm guessing the fact I had changed my "Wireles Connection Profile" acter connecting to PFsense It assumed I wasn't on the private network and had it as Public or something.

Still though, thank you sir, I will go hang ones head in shame !

Sure seems like multiwan, one is his primary his layer 2 primary circuit to get somewhere and other is a vpn connection to that somewhere over an internet connection I would assume.

So just treat it like 2 wan connections.

Additional information.
When one of the links is offline, the log pfsense is flooded with this information:

Sep 15 09:56:11 dpinger WAN2_DHCP 200.177.70.65: sendto error: 64

nothing in the sys log really jumps out at me, quality looks good and it even has better RTT times then the dsl lines do, 2.3.2-RELEASE,
darkstat, iperf, ntopng, pfBlockerNG, squid, squidGuard are the only packages

so your using the resolver??  Did you modify your ACLs to allow for these other vlan/networks to use unbound?

acls.jpg
acls.jpg_thumb