First of all, thanks for your reply.  :)

It is not.

This is the info page on the affected WAN interface:
https://www.dropbox.com/s/j9mjy2iyr0ggdk4/Screenshot%202016-01-27%2010.40.21.png?dl=0

Only thing missing is the name and the checked "Enable Interface" box.

I've been thinking though. Maybe I'm looking at the problem from the wrong end - PFSense can't talk to the router behind the interface, sure, but maybe it's just that the router there doesn't answer. Which would be weird since that one does not have a firewall (or really any other capabilities) enabled, but it's definitely something I will have to look into.

@kabrutus:

Does failover work with that many WANs?

Sure. 20 WANs is no diff from 2 in that regard.

Thanx everyone! As a newbie on pfSense this is most helpfull for me. For a couple of years i've been poking around with 2 wans and the right solution to shape traffic.
Recently i was pointed in the pfSense direction, and since that i've been reading and reading on how to implement it in my household. Like Derelict said; better read the manual before turning on the machine!

Again, thanx  ;)

Worked perfect. Thanks again  :D

I have all my opt interfaces renamed.. that has nothing to do with your problem..  Unless maybe your trying to call 2 the same name?

Some are physical nics, others are vlans on physical nics - see attached.

interfacenames.png
interfacenames.png_thumb

Hi
Two things come in mind when i see your setup.

Did you configure the VLANs on the client side properly? The packets need to be tagged with the correct VLAN id (automatically or by the client) and accepted on that Port on the Switch. Do you see the blocked Traffic in the firewall log? Then you are missing a firewall or NAT rule to allow traffic to the Internet or other subnets.

Everything else seems correct.
I can not tell you the VLAN setup on the ESX side, as I currently have no ESX by hand to check or test some settings.

I figured it was that simple.

Thanks!!

The issue is solved. In Static mapping, I had to select IP blocks different than my ADSL modems. As you see above, my Modems (WAN Interfaces) sit on 192.168.2.x and 192.168.3.x

So, when I set Static mappings for my client devices as 192.168.2.x and 3.x; those devices fail to access internet.

I choose 192.168.0.X or 192.168.4.X, and devices succesfully connected to internet.

Thanks for helps.

This has helped us solve the problem:

TIPS:
[1] Diagnostics/Misc
Go to Status -> Interfaces
Go to Diagnostics -> Routes
https://forum.pfsense.org/index.php?topic=43982.15

In System -> General Setup
a. Uncheck:
Allow DNS server list to be overridden by DHCP/PPP on WAN
REF: https://forum.pfsense.org/index.php?topic=43982.0
b. Try setting "Use gateway" to none for the Google DNS servers

[2]
DNS Resolver -> Set "Enable Forwarding Mode:" to true:
Controls whether Unbound will query root servers directly (unchecked, disabled) or if queries will be forwarded to the upstream DNS servers defined under System > General or those obtained by DHCP/PPPoE/etc (checked, enabled). Forwarding mode may be enabled if the upstream DNS servers are trusted and also provide DNSSEC support. Forwarding mode is necessary for Multi-WAN configurations unless default gateway switching is enabled.
REF: https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

[3]
System -> Advanced -> Miscellaneous -> Load Balancing
Set Enable default gateway switching to true:
If the default gateway goes down, switch the default gateway to another available one. This is not enabled by default, as it's unnecessary in most all scenarios, which instead use gateway groups.
REF: https://forum.pfsense.org/index.php?topic=72445.0
REF: https://forum.pfsense.org/index.php?topic=45081.0

your 2950 is only layer 2, it will not do L3 that I am aware of..

so you have 250 and 251/24 running on the same layer 2 or do you have this setup with vlans using pfsense to route these?

Why don't you just connect your buildings with a transit network between your pfsense and then you could just use policy based routing for any client in building A to use the internet in B, or you could have B use internet A if you wanted, etc..

Since you show a client on that 251 segment this is clearly not a transit network.

If you connected your building correctly, simple routing/firewall rules to allow whatever you want to use whatever wan connection in either location.  You could have multiple networks in each location, etc.

Done correctly you would never have to change a clients gateway, done correctly you could even leverage the wan in each location for load balancing, nor would you have to do any natting between your rfc1918 address space, etc. etc.

transitconnectbuilding.png
transitconnectbuilding.png_thumb

My guess is just lack of understanding.. Or some mindset that is still stuck in the classes of IP ranges that has been completely meaningless since what the early 90's when cidr came out - just boggles my mind that they still even talk about class in books and school..

You would never in a million years put that many clients on a broadcast domain, the only place I could really see such masks are in route summaries and or allocations of networks to a site, etc.

"route delete x.x.x.x" where x.x.x.x is the network address in question.