If it's trunked to pfSense then each vLAN will show up as a separate interface in the firewall page. Just edit the Internet access rule on the VLAN30 interface and set the gateway to WAN2.

@jamesl: I think the confusion is a person can use the same gateway for dual wan, but you need to use "two different monitoring IP's". That is what i did to make my setup not show "Gathering Data State" You can have the same gateway for dual WAN, I am using one such setup now. I think since version 2.0 or maybe 2.0.1 you can have the same gateway for multiple interfaces via PPPoE. Like this poster said, you need two different monitoring IPs. Really anything will do, but I liked to use my ISP's recommended DNS. I was slamming my head against a wall with this too. Change it, it should work.

Yeah - You can do it with Manual outbound NAT.  Easily.

My internet connection is direct by LAN with static IP. I have tried with IP alias & Proxy ARP - same results. I did not have engough NICs so that is why i wanted to put the second IP on my WAN NIC too. Anyway i have found a workaround adding one more NIC(and changing the pc ofcourse) so now it is working with two separate physical NICs. The idea is not to use multiwan as failover or loadbalancing because the ISP is the same so if something goes wrong with the ISP i will lose both WANs. The idea is to make separate rules for HTTP request for my two Webservers. The first IP is going to first Webserver and the second IP is going to second Webserver.

Hello, I have the exact same issue: My Internet GW (default gateway): 192.168.1.1 My pfsense (WAN interface): 192.168.1.3 My Local Network: (pfsense LAN interface: 10.55.2.254) 10.55.2.0/24 I have no NAT because all NAT is on Internet GW (192.168.1.1) I have another router for routing other LANs Router: 192.168.1.2 Network behind this router: 172.16.0.0/16 (ip: 172.16.1.254) In pfsense, i have configured: 2 gateways: WANGW (Default GW) -> Inerface WAN -> GW 192.168.1.1 ROUTERGW -> Inerface WAN -> GW 192.168.1.2 1 static route: 172.16.0.0/16 -> GW: ROUTERGW No Outbounf NAT, No 1:1 NAT, no Port Forwarding FW Rules (no gateway specifies, so no PBR): WAN: Any accept (Accept * * * * * * no queue) LAN: Any accept (Accept * * * * * * no queue) Routing table: netstat -rn Routing tables Internet: Destination        Gateway            Flags    Refs      Use  Netif Expire default            192.168.1.1        UGS        0    26495 vmx3f1 10.55.2.0/24      link#2            U          0  133740 vmx3f0 10.55.2.254        link#2            UHS        0        4    lo0 127.0.0.1          link#5            UH          0      66    lo0 172.16.0.0/16      192.168.1.2        UGS        0      662 vmx3f1 192.168.1.0/24    link#3            U          0  393896 vmx3f1 192.168.1.3        link#3            UHS        0        0    lo0 => Seem to be OK I have a computer with IP 172.16.1.40 Ping from 172.16.1.40 to 192.168.1.1 => OK Ping from 172.16.1.40 to 192.168.1.2 => OK Ping from 172.16.1.40 to 192.168.1.3 => KO Ping from pfsense 192.168.1.3 to 192.168.1.1 => OK Ping from pfsense 192.168.1.3 to 192.168.1.2 => OK Ping from pfsense 192.168.1.3 to 172.16.1.40 => KO Now, from 172.16.1.40: ping -t 192.168.1.3 For tcpdump: On the pfsense (interface vmw3f1 is 192.168.1.3): tcpdump -ni vmx3f1 icmp and host 172.16.1.40 listening on vmx3f1, link-type EN10MB (Ethernet), capture size 96 bytes 10:33:53.978486 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 5641, length 40 10:33:53.978527 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 5641, length 40 => Work fine On the Router (interfcae seth4 is 192.168.1.2): tcpdump -ni seth4 icmp and host 172.16.1.40 listening on seth4, link-type EN10MB (Ethernet), capture size 96 bytes 22:03:37.123283 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 12553, length 40 22:03:42.885379 IP 172.16.1.40 > 192.168.1.3: ICMP echo request, id 768, seq 12809, length 40 => Only request, no reply On the Internet GW (bge0 is 192.168.1.1): tcpdump -ni bge0 icmp and host 172.16.1.40 listening on bge0, link-type EN10MB (Ethernet), capture size 96 bytes 08:41:44.023409 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 21257, length 40 08:41:49.505862 IP 192.168.1.3 > 172.16.1.40: ICMP echo reply, id 768, seq 21513, length 40 => Reply appear here… Not normal because pfsense must route packet to 192.168.1.2 for destination IP 172.16.0.0/16 based on routing table Now, i check the box "Disable all packet filtering" in System / Advanced / Firewall/NAT All work fine! ing from 172.16.1.40 to 192.168.1.1 => OK Ping from 172.16.1.40 to 192.168.1.2 => OK Ping from 172.16.1.40 to 192.168.1.3 => OK Ping from pfsense 192.168.1.3 to 192.168.1.1 => OK Ping from pfsense 192.168.1.3 to 192.168.1.2 => OK Ping from pfsense 192.168.1.3 to 172.16.1.40 => OK So, there is a routing issue, I think based on PBR... Anybody can help us?

Ah. Also, disregard the ICMP issue. It seems either pfSense or the Xbox (perhaps both?) dislike UPnP configured simultaneously with static IP. Removing one solved the other.

Fixed! Thank you, podilarius! Sometimes it's the little things… I gave OPT1 The 248.49 address, changed the default route to that in the Cisco and voila! works like a charm. A million thanks!

ok, but this rule in top allow all the traffic to pass o only change the traffic gateway ?

Yeah - I wasn't trying to waste your time.  I'm glad its working now.  I hope your actual install goes well also.

It should work out of the box as long as you assign pfSense an IP address on each subnet on the appropriate interface and create firewall rules to allow traffic from LAN to OPT1 & OPT2, OPT1 to LAN & OPT2 and OPT2 to LAN and OPT1. If you have a different default gateway for one subnet's clients, you need to push the routes to the other networks to them specifying pfSense as the gateway. The best way to do this is to use DHCP Option 121. You can also enable RIP on the clients and enable RIP broadcasting on pfSense. You can also just add static routes to the other router but this will make it asymmetric routing and choke the router with LAN traffic.

I've added a small update to my original article concering squid/squidguard. http://www.communig8.com/articles/64-open-source/146-pfsense-multi-wan-update

Maybe - Changing monitor IP to something that can't be pinged should surely work.

Hope it works  ;D

That shouldn't be required. Just assign proper tiers for failover to the gateways in a gateway group and use that group as the gateway in your outbound Internet rules.

thanks jimp, should of caught it but was missed.  cp was originally enabled on the wlan interface, but there may have been a configuration issue that caused some issues so decided to narrow it down.  disabled the wlan interface and guess cp just took over the next interface which was the mpls interface which caused all sorts of problems.  kind of surprised our point to point worked at all but glad it was something simple.

Yep. They'd each need to know the other subnets are reachable via that same interface.

If it's xDSL, it's normal as well. (DSL is horrible to begin with, latency wise, and then you start using it….)