I think the problem is you need to switch your netgear  to route mode instead of Nat mode or disable Nat as it implies a firewall and will not route!  Like the other said you need to disable firewall on netgear.  You are better off using a separate interface and assigning that interface on the pfSense.  Switch the netgear ap mode then you have more granular control of your other subnet and don't have to worry about double Nat

Action: pass Interface: LAN Source: 192.168.100.100 Gateway: wan2 with doing it this way and also having Destination port range set to default (other) with nothing inputted. it wont open all ports to that computer correct?

knight, I too ran into the same issue, but am having some trouble. Currently all traffic is sent over OpenVPN to PIA. I am very new to pfSense (had it a whole 2 days now) and it is not clear to me exactly how to implement this rule. Any help you can offer is greatly appreciated. In the rules i see the following: Action: Pass Disabled: unchecked Interface: LAN TCP/IP Version: IPv4 Source:  Not sure what I should put here Destination: again, not sure what i should put here Advanced Features: many options here Thanks, -Edit Got if figured out and working! The key was to remove the two default rules pertaining to LAN traffic and adding one for the streaming services, and one for everything else. both rules required selected the appropriate gateway in advanced options.  Included are my rules for anyone else trying to figure this out. [image: 0seQZ5v.png]

From the description of your config, it sounds correct, but without screenshots of the gateway config, gateway group config, and rules it's difficult to say what it might be. Also be aware that packages like squid that intercept traffic will only leave via the default gateway since that traffic originates from the firewall and cannot be balanced.

I would consider tagging the internet traffic across the bridges and putting the management of the units on a VLAN interface. I would tag them both but the ubiquiti gear seems to prefer untagged management. Internet source switch: Modem: Untagged VLAN 100 Ubiquiti: bridge Untagged VLAN 200 Tagged VLAN 100 Bridges SSID on Tagged VLAN 100 Management: untagged Remote switch: pfSense: Tagged 100 & 200 Ubiquiti: bridge Untagged VLAN 200 Tagged VLAN 100 pfSense: WAN: VLAN 100 on eth0 BRIDGE_MGMT: VLAN 200 on eth0 10.100.X.X

@mkaliyannan: we have a setup like this :  ISP router with unmanged ports  –-- > managed switch--------------> Single NIC (emo)  WAN.  <–-Pfsense router --->  2nd NIC( em1) ----------> Internal LAN Subnets. I want to know is it possible to configure multiple WAN using VLAN from the switch to pfsense using single NIC ? Like this: https://www.youtube.com/watch?v=zrBr0N0WrTY (single ISP with multiple static IPs)

And dealing with the same thing and I am looking at having a script developed that would monitor the 2 interfaces and kill all states in a specific subnet or vlan to force the to re-register when the main gateway comes back up.

@Derelict: Use an outside switch and two pfSense interfaces. One on 90.182.100.240 / 29  GW 90.182.100.241 and one on  90.182.101.240 / 29  GW 90.182.101.241 I need to add that even this is ugly and really should be two different broadcast domains to two different ISP interfaces. But it will probably work as long as there is not traffic going out and back in the same interface. If there is traffic between the two /29s you will probably have problems.

https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

After much tinkering all it took was to "Enable Forwarding Mode" under DNS Query Forwarding in the DNS Resolver settings.

Figured it out.  The MGMT interface has the mask wrong: set to /23 (network) instead of /32 (host) so the firewall was routing through it.  Changing to /32 and applying immediately fixed the route.

Well … I got brave and deleted the incorrect gateway instance in System > Routing. It was automagically replaced with the correct ISP gateway. Status > Gateways looks good now also. Correct GW IP, and status is Online. No drama !

CMB, thanks for getting back to me. Please excuse my ignorance, this is like trying learn Latin. When you refer to LAN rules, are you referring to the LAN Interface? Thank you very much.

i did create the 2 vlans 3,4 on the switch  and mention theip default gateway will be the lan ip for pfsense 192.168.1.1,However. i can't get an ip whenever i connect a pc to any switchport belong to 3 or 4. related to my lan nic it should be working fine as long as it accept already the subinterface ?

Not Sure on HTTPS, but by enabling Sticky Connection fix it, Still Testing …

Installed it, and it works now!!  8) Thanks