Pass what you need them to have access to and block everything else.  The way you're doing it if you start another service on the firewall, change your webgui port, etc you have to remember to specifically block it. You need to add things like DNS servers to your captive portal allowed IP addresses in addition to passing the DNS traffic in the regular firewall.

Multi-WAN and bonded circuits are often confused. Multi-WAN means you have one or more WAN connections that pfSense can use.  This is very common in a business setting where you have one Internet connection that for example can be the "main" WAN connection and another, less expensive link as a "secondary" or "failover" link.  If you have a failover gateway group created, traffic can go from using the main connection to the failover if the main link goes down.  Gateway groups can also be used load balance Internet connections by balancing traffic across the two links.  This is different from bonding links together.  Balancing traffic mean each connection would carry traffic exclusively versus a bonded pair that presents all of the bandwidth as a single connection. https://doc.pfsense.org/index.php/Multi-WAN https://doc.pfsense.org/index.php/Gateway_Settings

Just to update, I have figured out my problem. After troubleshooting and speaking with the ISP, they assign port 1 to DHCP for when they have problems ons-site, so I cant use it… I can only make use of port 2,3 and 4. Wish they would have clarified that after the last few calls, what a shit router sigh... Ile end up using something like virtual ips and a mikrotik/cisco from here on out. Thanks for everyone's help.

Yes this is what I was looking for! I tried it and it is working. Thanks!

As far as compatibility is concerned have a look here: https://www.pfsense.org/hardware/#requirements and here: http://www.freebsd.org/releases/10.1R/hardware.html Please do your part first before asking others "will it work". We have to look it up as well, so can you. Rule of thumb: the cheaper the less likely it'll work.

This is normal behaviour.  The Cisco 2800 is NATing your clients behind it, just like how your pfSense WAN NATs the LAN traffic behind it.  Do you even need that 2800 in the mix, or could you replace it with a switch?

Well, I now see you're pinging 8.8.8.8.  Guess it's far from you.  Maybe try using something closer.

pfSense is not a switch.  Your switch is a switch. Not sure what you're trying to do but whatever it is, it's beginning to sound like you're doing it wrong.

I was looking at the arp table. Two of my server have not resolved to a hostname so I do have a dns issue thanks for pointing that out. Sometimes you just miss the simplest of things ya know.

VLANS are what you need to read up on.

@rubic: [image: nat.png] full working config Thank you for your response. I will try again at the weekend with the further info you have provided. Many Thanks

That is correct, Derelict.  Sorry for the confusion.  These are new acronyms for me.

To clarify a bit: You could, once you know the gateway is down, manually disable the gateway by checking "Mark gateway as down" under System > routing in the gateway entry. That would prevent it from being used once it comes back up. There's just no way to automatically fall into that state.

The problem happened again, so here's what I was able to test/determine: Once the problem happens, no email goes out to the Internet from that computer (several different servers were attempted) DNS lookups work From that computer I cannot ping google.com (which works typically) From that computer, I can access the Internet using a web browser – I suspect because I have ports 80 and 443 load balanced with a different Internet connection. I did not see anything unusual in the mail server's mail.log I did not see anything unusual in the mail server's system.log I hadn't mentioned before that networking internally to that server works as normal. It feels like pfSense receives the packet for SMTP connection and doesn't know what to do with it.  One thing I forgot to test was SMTP connection from another computer on the same network ( something like this: telnet aspmx.l.google.com 25 ).  I'll try that next time. Is there any way to determine how pfSense is routing a connection? Any other suggestions?

Load balancing on pfSense is always connection-based. Even if you have the VPN server bound to all WANs, clients connecting in would only use one particular WAN at a time. Also each WAN must have a unique subnet and gateway to function properly with pfSense for Multi-WAN.

I've done some research. It seems that my OCE.ko driver can be the reason of my trouble. If I plug an other intel card 1GBe, everything is working fine. But if I do the same with my Emulex OCE11102 nothing is working anymore. In order to install my 10Gbe extra card, I downloaded a freebsd 10.1 ISO. Get the oce.ko file in it and copied it into the pfsense at /boot/kernel/oce.ko. I added the line oce_load="YES" at the end of the file /boot/loader.conf and one reboot later, my card is correctly there. But it seems that I can't handle any traffic with these ports. they are correctly view and configurable on pfsense gui interface. Any idea on what's going on ? Thanks you !

you can, but unless both ends are "aware' this is how it should be;  it'll result in a broken communication