• IPsec and openvpn routing issue

    1
    0 Votes
    1 Posts
    717 Views
    No one has replied
  • Disabled IPv6 Active?

    5
    0 Votes
    5 Posts
    2k Views
    M
    Thank you! As per your instructions, I went looking to see why nothing was in the log. It seems as if I had all those things checked, and yet there is still no data in the log whatsoever. I've included a screenshot. As of yesterday, I am on the latest build. You are right, and I no longer receive the erroneous message that my lines have gone linkdead. However, now, my CPU usage is either 50% or pegged at 100%. While not new, a Phenom II x2 should handle what I'm throwing at it. This is all new since the update and I am puzzled. About IPv6. Even though on a local basis it's still somewhat enabled, why should I see requests under the PPP log? I'm going to tinker. Thank you very much for replying! [image: Untitled.png]
  • Routing (ping) between virtual machines on 2 hosts

    6
    0 Votes
    6 Posts
    1k Views
    K
    Sigh…  Take a look at your status > DHCP leases. Do you see your VMs there or not?
  • Need some pointers for my network (pic)

    4
    0 Votes
    4 Posts
    1k Views
    K
    I see - So, then 1 VLAN switch and 1 pfsense will do the trick.  (Getting this on one pfsense seems to make sense) I'll think about how to do it the hard way in a minute.  Get back with you.
  • Failover regularly fails to return to tier1

    2
    0 Votes
    2 Posts
    1k Views
    H
    forgot to mention what exactly i added to an every-15-minute-cron: /etc/rc.filter_configure the problem i'm experiencing is happening multiple times / day. i'm not even sure why it is being triggered. i've currently set the latency high-set-point to 450 and the packetloss high-set-point to 50. RRD shows a max latency of 200 & a max packetloss of 2 … still there have been multiple gateway-down events the last 8h. any clues? edit: oh yea, i just noticed the monitor ip WAS 8.8.8.8, i've removed the manual override and it's now monitoring its actual gateway. Oddly enough i set the monitor ip to 8.8.8.8 on all my sites and there are no issues with it, except on Site Alpha ;)
  • Routing problem with vlan after nat

    1
    0 Votes
    1 Posts
    723 Views
    No one has replied
  • Dual WAN failover and 1:1 NAT

    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    That works fine. For the Second WAN you will need VIPs for the external IPs of the 1:1 NAT, but otherwise it should be the same. Traffic that enters WAN or WAN2 will go back out the expected path. Traffic that is initiated from the inside will choose a path based on your gateways/groups in LAN-side rules, as it would for any other Multi-WAN setup. As it leaves a particular WAN, the 1:1 NAT for that WAN will apply on the way out.
  • Multi ADSL Issue

    2
    0 Votes
    2 Posts
    1k Views
    P
    Just to give some further info… LAN - 192.168.200.2 /22 WAN - 192.168.205.254 /24 ADSL Router 1 - 192.168.205.1 ADSL Router 2 - 192.168.205.2
  • Route lan interface subnet via another router.

    2
    0 Votes
    2 Posts
    2k Views
    P
    From your description, pfSense (gw1) is the gateway to the "real public internet" and gw2 goes to some other networks (presumably networks with private IP ranges behind gw2). If so, then the LAN clients should use pfSense (gw1) as their default gateway. That will resolve the asymmetric routing problem for normal internet traffic. Then you get asymmetric routing when LAN clients send to addresses behind gw2 - the clients send to their default gateway (gw1) which redirects the traffic to gw2. The replies from behind gw2 are delivered direct to clients on LAN. So pfSense (gw1) cannot keep track of the states. You can: a) switch on sloppy states to allow this, or b) on pfSense you could NAT traffic coming from LAN that is directed to networks behind gw2 (then the networks behind gw2 see all the traffic as coming from the pfSense LAN IP, so replies get delivered back to pfSense LAN IP, and get unNATed there and delivered to clients). That forces symmetric routing, but means the networks behind gw2 do not get to know the real source IPs of the clients. or c) Put gw2 on a separate [NIC|VLAN] and subnet on pfSense. Then traffic to behind gw2 has to transit through pfSense in both directions - no asymmetric routes.
  • Dualwan problem with dhcp wan

    2
    0 Votes
    2 Posts
    1k Views
    H
    some cable modems send out a private ip-address in the event the isp's dhcp is unavailable (for whatever reason). if this happens, you can get what you describe
  • Dual WAN load balancing by application possible?

    4
    0 Votes
    4 Posts
    1k Views
    K
    Many games use specific UDP ephemeral ports or "client ports". You can check the source port on the LAN interface firewall rules and send those through the ADSL gateway. This will still break for Steam games since the Steam ticket will be against another IP address if Steam doesn't get classified correctly (it officially has specific ports too but in practice I haven't seen it use those ports). Other applications such as uTorrent let you specify the ephemeral port range in advanced settings so you can also use it to route Torrent traffic from properly configured clients. In general I'd recommend sending only HTTP/HTTPS through the Satellite connection and let everything else default to ADSL to avoid breaking things. Other than pfSense there is no other router which can do this except very expensive hardware.
  • PfSense 2 WAN - 2 LAN , WAN is DHCP, both WAN gets same gateway

    2
    0 Votes
    2 Posts
    3k Views
    K
    Are the outbound NAT rules correct? You need outbound NAT rules for both WAN1 and WAN2 similar to the automatic rules that get generated for WAN1. You need two gateways under System > Routing for WAN1 and WAN2. In the firewall rules for LAN1 and LAN2 you must use the advanced gateway parameter and set it to WAN1 and WAN2 respectively for your Internet traffic rule.
  • PFS 2.0.3 and dual PPPoE WAN

    5
    0 Votes
    5 Posts
    2k Views
    D
    Are you using different monitor IPs for each interface?
  • Multi-Wan/Load Balance Traffic Routing

    2
    0 Votes
    2 Posts
    1k Views
    K
    Hi Everyone, Just a quick update. I put in a firewall rule that will take all http(s) traffic and push it down one of the gateways and everything seems to be fine now :). I will call this "closed".
  • Static route issue

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Multi access point with server filtering.

    2
    0 Votes
    2 Posts
    844 Views
    K
    I'm assuming all these things are connected via a single switch or set of chained switches. Any resources connected to the same switch(es) can't be firewalled as you suggest. You can create a bunch of VLANS and use a VLAN switch and firewall rules to accomplish this though.
  • MOVED: Load Balance

    Locked
    1
    0 Votes
    1 Posts
    777 Views
    No one has replied
  • Setting up devices with static public IP behind pfSense?

    4
    0 Votes
    4 Posts
    2k Views
    M
    If you want better VOIP then ditch the ADSL and go with a cable solution. I had nothing but trouble using my BellSouth business ADSL.
  • Existing NW Environment - Want to add a new Subnet

    2
    0 Votes
    2 Posts
    745 Views
    M
    pfSense is a fully functional router and firewall. You can disable the firewall stuff and only use the routing if that's what you're looking for. If you gave a little more information on your setup then it makes it easier to explain for you. Are we talking about an internal subnet or an externally routed subnet?
  • Captive portal 1 interface download issue

    1
    0 Votes
    1 Posts
    780 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.