Hello, I have the exact same issue: My Internet GW (default gateway): 192.168.1.1 My pfsense (WAN interface): 192.168.1.3 My Local Network: (pfsense LAN interface: 10.55.2.254) 10.55.2.0/24 I have no NAT because all NAT is on Internet GW (192.168.1.1) I have another router for routing other LANs Router: 192.168.1.2 Network behind this router: 172.16.0.0/16 (ip: 172.16.1.254) In pfsense, i have configured: 2 gateways: WANGW (Default GW) -> Inerface WAN -> GW 192.168.1.1 ROUTERGW -> Inerface WAN -> GW 192.168.1.2 1 static route: 172.16.0.0/16 -> GW: ROUTERGW No Outbounf NAT, No 1:1 NAT, no Port Forwarding FW Rules (no gateway specifies, so no PBR): WAN: Any accept (Accept * * * * * * no queue) LAN: Any accept (Accept * * * * * * no queue) Routing table: netstat -rn Routing tables Internet: Destination        Gateway            Flags    Refs      Use  Netif Expire default            192.168.1.1        UGS        0    26495 vmx3f1 10.55.2.0/24      link#2            U          0  133740 vmx3f0 10.55.2.254        link#2            UHS        0        4    lo0 127.0.0.1          link#5            UH          0      66    lo0 172.16.0.0/16      192.168.1.2        UGS        0      662 vmx3f1 192.168.1.0/24    link#3            U          0  393896 vmx3f1 192.168.1.3        link#3            UHS        0        0    lo0 => Seem to be OK I have a computer with IP 172.16.1.40 Ping from 172.16.1.40 to 192.168.1.1 => OK Ping from 172.16.1.40 to 192.168.1.2 => OK Ping from 172.16.1.40 to 192.168.1.3 => KO Ping from pfsense 192.168.1.3 to 192.168.1.1 => OK Ping from pfsense 192.168.1.3 to 192.168.1.2 => OK Ping from pfsense 192.168.1.3 to 172.16.1.40 => KO Now, from 172.16.1.40: ping -t 192.168.1.3 For tcpdump: On the pfsense (interface vmw3f1 is 192.168.1.3): tcpdump -ni vmx3f1 icmp and host 172.16.1.40 listening on vmx3f1, link-type EN10MB (Ethernet), capture size 96 bytes 10:33:53.978486 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 5641, length 40 10:33:53.978527 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 5641, length 40 => Work fine On the Router (interfcae seth4 is 192.168.1.2): tcpdump -ni seth4 icmp and host 172.16.1.40 listening on seth4, link-type EN10MB (Ethernet), capture size 96 bytes 22:03:37.123283 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 12553, length 40 22:03:42.885379 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 12809, length 40 => Only request, no reply On the Internet GW (bge0 is 192.168.1.1): tcpdump -ni bge0 icmp and host 172.16.1.40 listening on bge0, link-type EN10MB (Ethernet), capture size 96 bytes 08:41:44.023409 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 21257, length 40 08:41:49.505862 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 21513, length 40 => Reply appear here… Not normal because pfsense must route packet to 192.168.1.2 for destination IP 172.16.0.0/16 based on routing table Now, i check the box "Disable all packet filtering" in System / Advanced / Firewall/NAT All work fine! ing from 172.16.1.40 to 192.168.1.1 => OK Ping from 172.16.1.40 to 192.168.1.2 => OK Ping from 172.16.1.40 to 192.168.1.3 => OK Ping from pfsense 192.168.1.3 to 192.168.1.1 => OK Ping from pfsense 192.168.1.3 to 192.168.1.2 => OK Ping from pfsense 192.168.1.3 to 172.16.1.40 => OK So, there is a routing issue, I think based on PBR... Anybody can help us?

Ah. Also, disregard the ICMP issue. It seems either pfSense or the Xbox (perhaps both?) dislike UPnP configured simultaneously with static IP. Removing one solved the other.

Fixed! Thank you, podilarius! Sometimes it's the little things… I gave OPT1 The 248.49 address, changed the default route to that in the Cisco and voila! works like a charm. A million thanks!

ok, but this rule in top allow all the traffic to pass o only change the traffic gateway ?

Yeah - I wasn't trying to waste your time.  I'm glad its working now.  I hope your actual install goes well also.

It should work out of the box as long as you assign pfSense an IP address on each subnet on the appropriate interface and create firewall rules to allow traffic from LAN to OPT1 & OPT2, OPT1 to LAN & OPT2 and OPT2 to LAN and OPT1. If you have a different default gateway for one subnet's clients, you need to push the routes to the other networks to them specifying pfSense as the gateway. The best way to do this is to use DHCP Option 121. You can also enable RIP on the clients and enable RIP broadcasting on pfSense. You can also just add static routes to the other router but this will make it asymmetric routing and choke the router with LAN traffic.

I've added a small update to my original article concering squid/squidguard. http://www.communig8.com/articles/64-open-source/146-pfsense-multi-wan-update

Maybe - Changing monitor IP to something that can't be pinged should surely work.

Hope it works  ;D

That shouldn't be required. Just assign proper tiers for failover to the gateways in a gateway group and use that group as the gateway in your outbound Internet rules.

thanks jimp, should of caught it but was missed.  cp was originally enabled on the wlan interface, but there may have been a configuration issue that caused some issues so decided to narrow it down.  disabled the wlan interface and guess cp just took over the next interface which was the mpls interface which caused all sorts of problems.  kind of surprised our point to point worked at all but glad it was something simple.

Yep. They'd each need to know the other subnets are reachable via that same interface.

If it's xDSL, it's normal as well. (DSL is horrible to begin with, latency wise, and then you start using it….)

It wouldn't be a permanent change, but you can do: route delete -inet default; route add -inet default x.x.x.x Where x.x.x.x is your new gateway. Once you get back into the GUI, you can fix the gateway settings permanently.

@ Phil.davis  Thanks for the info I got it up and running. set both my isp to bridge then the lan to a 10.x.x.x scheme. I was having trouble with the lan 192.168.1.1 for some reason, (most like because I did not know what I was doing). :) Thanks for all the help I got the basic up and running now it time to do some testing with the firewalls rule and loadbalancing….. Thanks again

The same issue at Pfsense 2.0.3 stable release. LAN - static ip WAN - static ip WAN2 - statis ip WAN and WAN2 has internet access through different providers.

My real problem is this… Every modem give me 5 GB of transfer each 15 days, after this I need to recharge this, and I need to consume 15 GB on 15 days (1GB per day). So I need 3 modem to do this but I need to use the 5gb of each modem each 5 days... do you have other idea to do that? tks for your help