I think, possibly, the problem was arising from an error in my VLAN configuration.  Thank you for encouraging me to examine my network in more detail.  In the end, I don't think it was a problem with the routes themselves, but rather with an error on my switch with the VLANs. I'm not 100% sure yet, but everything is working for now and I will see how it goes.

Create a gateway for 192.168.100.3. This should be created on the interface used to reach that gateway. Add static routes for all of those to that gateway This is all done in System > Routing

@fenichelar: Why? I have 4 NICs on my router, I only use 2. Because those are router ports. Not switch ports. But do what you're going to do. Can only suggest here.

Bump

I put a packet capture on pf1 lan and see traffic coming from pf2 but then nothing. There must be something wrong with the way I have the network wired up. Thank you for your help with my routing problem.

No offense taken whatsoever. Thank you for taking the time to reply Eddie. After a bit of reading and understanding I've managed to get Dual WAN working correctly for load balancing and failover (working both ways for possible LAN duties - VLAN maybe). All good so far. pfSense LAN -> Netgear GS728TP -> all my stuff pfSense WAN -> Vigor 130 (bridge mode) pfSense OPT1 (WAN 2) -> Asus 4G-N12 LAN However the Asus 4G-N12 warns that it is in a multi-NAT environment and consequently I cannot set-up DDNS which I need to do because EE will not supply me a static IP. Is anyone in the UK using any of the known working 3G 4G modems with EE and does the device have a bridge mode / passthrough mode or DMZ that allows me to use DDNS? Thanks

you can reduce to 1 firewall..  Not sure why you think you need another firewall for more vlans? "But for some servers we have 2-3 firewalls in 1 VLAN" That just seems crazy!!! For your different vlans you can either just use interfaces in the 1 firewall, or just use vlans on top of an existing physical/virtual interface.

Well yeah that would be the normal way to do it ;)  I have no idea what you were attempting to do other than create a train wreck ;) Glad you got it working, KISS is your friend when setting up networks…

here you go with the current config everything is working as expected. if i change wan 2 ip to an unused private ip. gateway monitoring and ping from wan 2 to internet stops working. [image: network.JPG] [image: network.JPG_thumb]

Sorry for hijacking but I have the same problem. 2 internet connections with pppoe. 2 subnets and each subnet should use one pppoe connection, so no balancing and failover. I have 4 interfaces. The 2 LAN interfaces work fine, but I can only get one WAN interface to work. If i deactivate one WAN interface the other WAN interface gets an internet connection. If both are active only one is working. Any ideas?

Where is your controller running?  On your lan, and your AP are on 2 different networks wifi and wifiguest?  Why do you not just put the AP on your lan and use vlans for wifi and wifi_guest?  So then you controller can see your AP on layer 2. If you want your AP on different layer 2 network than your controller then you need to use layer 3 adoption and management. https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Layer-3-methods-for-UAP-adoption-and-management

Please give more information on your current setup… What modems are you using? Are they static or DHCP? How is everything connected... What pfSense hardware are you using? in my opinion best thing to do is take screen shots of all your configuration and post them on here like this http://imgur.com/a/CI7nl with all that information then someone can help

you guys are awesome thanks!

Thanks alot for your explanation, makes things way more clear for me :)

What does your pfsense box have 2 wans?  And why do you not just connect your freenas to a switch port on your lan??  Or for that matter just put it on an different network segment lets call in your nas segment and then just route/firewall between your lan/nas segments? Bridges do not turn interfaces into switch ports.  If you need more switch ports on a specific segment, get another switch or a bigger switch, etc. etc..

@Derelict: pfSense doesn't care what APs you use, unless they're somehow broken. Alright, gotcha. Thanks a lot for the help! Going to start ordering it all now  ::)

So again lets ask what is routing these networks?  And how exactly do you have this host connected to both?  What is its routing table.. Is it windows machine - post up route print If linux netstat -r "If I have a host that needs to be in two networks to separate the traffic that needs to be separate" Why??? does a host need to be in 2 networks at the same time… If he is in 99, and needs to talk to something in the 66, why can you not route this traffic?? Yes you can have machine connected to more than 1 network at a time, but you wouldn't use both of these networks to route to a default.. So for example you could have the attached pic.  Where machines have an interface in 192.168.0/24 this would be their default gateway. They then could have another interface in 192.168.1/24 and they could use this interface to talk to each other - lets say for backup or something..  But you would need to make sure you use the 192.168.1 IP address of the other machine, or a fqdn that resolves to that 192.168.1 IP.  And 192.168.1 interface would not have any gateways set on it, etc etc.. [image: multihomed.png] [image: multihomed.png_thumb]