• I can't route through DMZ

    6
    0 Votes
    6 Posts
    2k Views
    P
    Well, if your server has a LAN address and a DMZ address, then depending on how you want them to go out matters which one has the gateway assigned. A true DMZ will not have a LAN interface. It defeats the purpose of the DMZ. You can have both, there is nothing stopping you, but for the DMZ servers, the interface in the LAN will not have a default gateway set while the DMZ interface will. Many have DMZ or OPT interface setups with pfSense with no problem. I do, one for my phones, one for a guest wifi, and then I have the main LAN. All without having to create any persistent routes.
  • Gateway monitoring broken?

    2
    0 Votes
    2 Posts
    1k Views
    R
    It seems that only the gateway using the RTL8111E-VL (re driver) card reports the wrong status. I now use the Realtek for LAN and the 4xIntel card for WAN. So no gateway on the Realtek. The issue that after a refresh all are pending stays, but at least the online status is correctly shown.
  • MX redundant

    2
    0 Votes
    2 Posts
    1k Views
    dotdashD
    I'm not sure I understand the whole question, but you could handle the MX records two ways. Let's say you have an IP on WAN1 1.2.3.4 and an IP on WAN2 5.6.7.8. You create port forwards on both WAN1 and WAN2 for SMTP to your mail server. You add a record for mail 1.2.3.4 and mail2 5.6.7.8. You could either set mail MX=10, mail2 MX=20, which would only deliver mail to the WAN2 address when WAN1 was down, or you could set both the MX records at 10, then it would split the SMTP traffic between both WAN links. Either way, the firewall will know which link to reply on without any additional rules.
  • Multi WAN / Multiple LAN

    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    @MarkHowells: What would be really useful (for me) would be to have a Dest != Local_Interface option for a rule… https://redmine.pfsense.org/issues/96 It's something we'd like to have a choice for, eventually.
  • 0 Votes
    2 Posts
    1k Views
    M
    This is possible. You didn't say which version of pfSense you were using, so I'm going to assume the latest version, though this would work with some older ones. You just need to get a switch that is VLAN capable.
    1. Create VLANs 100 and 101 (just an example, make it whatever you want) in pfSense and on the switch
    2. Assign VLAN 100 to ISP1 under Interface assignments
    3. Assign VLAN 101 to ISP2 under Interface assignments
    4. Add 100, 101 tagged to the last port of that switch
    5. Add VLAN 100 untagged to port 1
    6. Add VLAN 101 untagged to port 2
    7. Connect the last port of the switch to pfSense
    8. Connect ISP1 to port 1 on the switch
    9. Connect ISP2 to port 2 on the switch
    10. Once you save, you may have to restart modems/routers and pfSense.
    Enjoy! I remember a while back someone was trying to do something similar. Check this post out http://forum.pfsense.org/index.php/topic,65008.msg353114.html#msg353114 it might give you some guidance. Obviously, with the instructions above you can use whatever ports on your switch you want. If you are going to use Cisco gear, just make sure that you use 802.1q VLAN tagging and not ISL, which is the default on some older gear.
  • Problem with vlan id between pfsense and switch

    2
    0 Votes
    2 Posts
    932 Views
    M
    On pfSense, go to Assign under Interfaces and make sure what you want is what you have under interface assignments.
  • No mail send (no connection) v2.1

    2
    0 Votes
    2 Posts
    808 Views
    H
    I found the problem… I looked at the routing table, and the traffic from the router itself is bound to one port. Because I did a lot of testing, this port wasn't connected.
  • Is there a limit to the number of monitor IP's?

    1
    0 Votes
    1 Posts
    599 Views
    No one has replied
  • Wireless configuration

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Can't access gateway's web configuration page.

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • OpenBGP block an AS from ISP2

    2
    0 Votes
    2 Posts
    1k Views
    R
    Hi, have you checked out what bgp reads in?
    /usr/pbi/openbgpd-amd64/sbin/bgpd -nv -f /var/etc/openbgpd/bgpd.conf
    Sometimes OpenBGPD makes crazy reconfigurations…
    Also helpful - check out your actual settings: could be a combination of bgpctl, like
    overview over a route:
    bgpctl show rib 1.2.3.4
    bgpctl show rib 1.2.3.4 details
    show announced route from neighbour: with AS… with Source AS:
    bgpctl show rib nei <neighbor> as <as-number>
    bgpctl show rib nei <neighbor> source-as <as-number>
    Overview over all parameters, which I haven't tested out all yet ;) => http://www.openbsd.org/cgi-bin/man.cgi?query=bgpctl
  • Route to all my vlans

    2
    0 Votes
    2 Posts
    943 Views
    R
    I mean the LAN port on my router/firewall has got the IP address 172.17.8.253, and then it goes to my VLAN switch, and the VLAN it goes into is VLAN 8, which is labelled as the server network. I thought all I had to do was to create static routes in my router/firewall, i.e. for all my networks:
    vlan 1 - (network) 172.17.1.0 (subnet) 255.255.255.0 (next hop) 172.17.1.254 OR (outbound interface) 172.17.8.253
    vlan 2 - (network) 172.17.2.0 (subnet) 255.255.255.0 (next hop) 172.17.2.254 OR (outbound interface) 172.17.8.253
    vlan 3 - (network) 172.17.3.0 (subnet) 255.255.255.0 (next hop) 172.17.3.254 OR (outbound interface) 172.17.8.253
    vlan 8 - (network) 172.17.8.0 (subnet) 255.255.255.0 (next hop) 172.17.8.254 OR (outbound interface) 172.17.8.253
    Is this correct or not? Sorry for the dumb question. Rob
  • Slow speed between 2 pfSense routers

    9
    0 Votes
    9 Posts
    3k Views
    T
    Okay, well I don't think I need a routing protocol, I have static routes for everything. Connectivity is great, but the speed is the problem. For example:
    Network 1: 172.16.0.0/20. Between me and pfSense 1, there are 3 hops (3rd = pfsense), so between me and pfsense2, there are 4 hops. Using a firewall rule on pfsense1, I control which gateway my IP address goes out (either the WAN gateway, or pfsense2). When I go out the normal gateway, internet speed works as expected; it's a slower connection, but I get speeds of around 25Mb - 40Mbps (limited by limiter, normal). When I switch to the pfsense2 gateway, the speed drops drastically, to 4Mb - 6Mb download, and 8 - 18Mbps upload (yes, higher upload usually). This is using the same speed test provider.
    Network 2: 10.10.192.0/24. pfsense is 4 hops away from serverA. A speed test run on serverA shows the full speed of the connection, 200 - 300 Mbps. This is routed to the WAN gateway directly from pfsense2. I have not tried from serverA -> pfsense2 -> pfsense1 -> 100Mb internet, but I don't think it's really necessary at this time.
    The kicker: I logged into both pfSense boxes, and scp'd a 150Mb file directly between the two boxes, which it did via the same 172.16.32.1-2 link; this time I got 350 - 400Mbps transfer between the two routers. So it's clearly not the hardware. And I don't see, say, CPU spikes or anything that would be slowing down traffic, so what could this be? The image is a view of the topology, along with expected link speeds.
    Lastly, imagine a serverB connected to the top network, plugged into the first gigabit switch (top left Blue "Switch" box). If serverA tries to send data to this serverB, it also is affected by terribly slow speeds. It seems to affect traffic that crosses both routers. [image: topology.png] Any ideas?
  • 2 BGP peers from 2 ISP

    2
    0 Votes
    2 Posts
    963 Views
    pttP
    https://portal.pfsense.org/
  • VPN BONDING Solution Need

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Alix 2d3 Load Balancer OPT1 interface

    4
    0 Votes
    4 Posts
    930 Views
    C
    Hi All, I am just getting back to this router and just realized that I can no longer connect to the router. I am not getting an IP address. I am using the web interface. I don't have a serial cable to see what's going on. This problem only started since I enabled the second WAN or configured Load Balancing. Any ideas what could have happened? TIA.
  • Problems adding new gateway

    1
    0 Votes
    1 Posts
    889 Views
    No one has replied
  • Packet Loss: 0.0%,RTT:54ms - why GW is down?

    8
    0 Votes
    8 Posts
    2k Views
    B
    Currently I set Packet Loss thresholds to 1%/5%. Packet loss is 10% but GW is still up. Why? Is there any kind of fix?
  • Multi-WAN and Routing

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • [SOLVED] VLAN - Can't access/ping hosts

    5
    0 Votes
    5 Posts
    7k Views
    P
    I have this exact same problem… Can you guys give more detail on what you did? Aren't the gateways on each host supposed to be set to the VLAN gateway?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.