I dont juse that. Its only a example. My own config is another. Look at the link. I copied from there and market it with a footmark. Std and normal to so so. Greets

This is working now. I set up a static routes at both ends and also configured gateway grouping between VPN and point to point link. I believe some changes in pfsense like advanced gateway settings for rules and routes don't get active until a reboot is done. This caused me a lot of a hardship earlier. Still there are some small glitches: 1. I have fibre as default link in the branch firewall, so firewall (only this) has no Internet connection (so updates for firmware, bogons, etc are not automatic). 2. Sometimes even though the link comes back up, the firewall doesn't switch back to fibre link after using the backup VPN.

Post the rules you have on VLAN4 - you will need to pass source VLAN4net, destination "Novell OES box". It should be about as simple as that for the VLAN4 clients to get access to the DNS server on another local LAN.

i'll give it a try…. will report back later...

I've configured something similar, for both inbound and outbound but its doesn't quite work. I see in the firewall logs that its blocking a lot of inbound/outbound packets to/from my torrent machine but the torrents are still downloading at full speed on the interface its supposed to be blocked… As I have failover configured, I would think it could be interfering with the policy routing but wouldn't simply block all traffic? Cause right now, even if the logs are showing a lot of packets blocked on the proper interface, It keeps downloading on that same interface...

If both networks are connected to the same router (Pfsense) and you don't have a rule blocking this, it should just work. If both networks are connected to different routers then you will have to create a common network between the two (/30), for example 10.0.0.1 and 10.0.0.2 both with a subnet mask of 255.255.255.252. Then you need to run a dynamic routing protocol on all your interfaces like (rip v2) or use static routes. If you provide a diagram more specifics can be offered. www.gliffy.com Once you have done all that you will have to create a default route on your stand alone routers to send traffic to Pfsense. Lastly make sure Pfsense is allowing non directly connected traffic to be natted out of its wan by looking at your outbound Nat rules. (adjustments may be needed there).

I would say policy routing is for a specific one of situations and static routing is more of a general use thing. I'm not sure but I would guess static routing takes less resources too. I would love to hear what others think.

create alias group with url. Add rule to top of LAN allowing any traffic to destination alias and specify which gateway to use.

Set it back to DHCP…?

dotdash, Yeah I realized after I posted but no access to internet at time of realization.  DUH!!!! :-) thanks for follow up though.

That's not multi-WAN, just one WAN with multiple IPs, much diff thing. Glad you got it working.

Why not just use the /30 as the WAN and .57/29 as the LAN on your edge box? Then check the box under advanced to disable the firewall and NAT. Have the tenants use 58-62/29 and have them point to the edge LAN (.57) I f you need a separate private management IP, use an OPT interface. (or just manage via the LAN ip)

@Derelict: They know about it. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182828 Ok, thanks for the information.

I wouldn't use port 80.  I'd use something like 8443.  All that matters is that one the outside, the IP:Port combination is different for inbound connections. If you have multiple IPs, you have have IP1:443, IP2:443.  If you have only one, then you need IP1:443 and IP2:8443 (for example.) It doesn't matter if you do this: IP1:443 NAT to INTERNAL-IP1:443 IP2:8443 NAT to INTERNAL-IP2:443 Both servers can listen on 443 as long as they're different servers or have different listening/binding IPs. And you'll probably have to move the WecConfigurator port to something other than 443 too.

In pfSense you have to think a bit different. Rules are always applied on the interface on which traffic arrives. So if you want to have a rule to apply to traffic going from LAN to WAN you put the rule on the LAN-tab. If you want a rule to apply to traffic from WAN to LAN, then you put the rule on the WAN-tab. etc.

What you are trying to do is traffic metering.  You set a top-end limit to the amount of bandwidth that can be consumed before an event occurs.  The event could be a complete restriction or in your case a change to another route. I don't think there is anything in pfSense that does metering like this, and I am not aware of any packages for pfSense that do this.  Someone smarter than me might be able to point you in the right direction.

Yes, this is very easy to do. I've included a screen shot of my configuration for you.  I have a server on that subnet that I want to use one gateway exclusively for it's outgoing traffic.  So I created a rule to do just that.  You can do this for a single IP or for a subnet.  I have one of my subnets going out one WAN and the other the second WAN.  This is done with a different configuration, manual NATing.  I've also enclosed that screen shot so you can take a look at it.    

You can use the same ISP, but you cannot use the same router.  You need two separate routes to the Internet. I use Optimum for my residential and business.  I have two separate routers with two different addresses.  That way pfSense sees them as two different routes and can multiwan between them.

isolated device, network now stable.