It wouldn't be a permanent change, but you can do: route delete -inet default; route add -inet default x.x.x.x Where x.x.x.x is your new gateway. Once you get back into the GUI, you can fix the gateway settings permanently.

@ Phil.davis  Thanks for the info I got it up and running. set both my isp to bridge then the lan to a 10.x.x.x scheme. I was having trouble with the lan 192.168.1.1 for some reason, (most like because I did not know what I was doing). :) Thanks for all the help I got the basic up and running now it time to do some testing with the firewalls rule and loadbalancing….. Thanks again

The same issue at Pfsense 2.0.3 stable release. LAN - static ip WAN - static ip WAN2 - statis ip WAN and WAN2 has internet access through different providers.

My real problem is this… Every modem give me 5 GB of transfer each 15 days, after this I need to recharge this, and I need to consume 15 GB on 15 days (1GB per day). So I need 3 modem to do this but I need to use the 5gb of each modem each 5 days... do you have other idea to do that? tks for your help

@razer0r: You're serious?… This is not some private home connection ... but a fully routed 1Gbit INTERNET connection... in a DATACENTER, where i just rent a server box... (actualy multiple, but that's another story... which is located 12000 KM away from me... Great. Then maybe ASK the collocation provider to provide you with the requested information and post back, instead of wasting other people's time here.

What you are wanting looks possible in apinger, which really just deals with monitor IPs. pfSense has "Gateway Groups" that consist of a set of Gateways with priorities (tiers). But really it seems to me that they are really "Monitor IP Groups". It would be possible to have multiple monitor IPs for each gateway. Each Monitor IP would potentially have its own advanced settings (loss, delay, down time…). The existing "Gateway Groups" could actually become a selection of the "Monitor IP entries", with a tier for each one. apinger reports which target (monitor) IP has a state change, pfSense can use this in a more refined way than now - passing that up to the various "service reload" commands that react to apinger alarms. Then you can have different Gateway Groups that are prioritised on different sets of monitor IPs (although ultimately underneath the traffic is on the same gateways/interfaces). Particular OpenVPN instances, or policy-routing rules can then use a particular Gateway Group that responds as required to the failure of particular monitor IPs. I can think of a use for this here in Nepal - sometimes links to the "rest of the world" internet go down, but our internal national ISP/s are working OK, so my VPN links between offices in the country will still work. In that case, I don't want to try to failover the VPN links to some slow backup link. On my main WAN gateway I could monitor an in-country ISP address, and use that in a Gateway Group for VPN failover. On my main WAN gateway I could also monitor an outside-Nepal IP, and use that in a gateway group for general policy-based routing of browser traffic. I could monitor my international mail server IP, and use that in a gateway group for policy-based routing of traffic to the mail server. The failover could detect (with a reasonable guess) what bit of the internet is unreachable on the main WAN, and just failover that bit to the backup link. This is about having multiple networks/services/resources available over a single gateway, and detecting which particular network/service/resource is now unreachable, and allowing the firewall rules, VPN settings... to just failover the things that need to reach that network/service/resource. How many people have a need for this? And who has the time to code and test it?

Shouldn't be any problems. You have to deliberately allow unsolicited incoming traffic via NATs and Rules.

I think: System > Advanced > Miscellaneous > Use sticky connections is what you're looking for, time out is set to 5 minutes I think on 2.0.3, editable on 2.1. Check what's tracked under Diagnostics > States > Source Tracking

After doing what you have done I figured out that I don't need to add a VIP for those addresses to work. Because the packets are routed to the firewall, you only need a VIP configured if you're planning to use it for a service on the FW itself (openvpn etc.). If you're using it for devices behind the firewall you can simply create 1:1 nat mappings and firewall rules and the traffic will flow as intended.

2.1RC seems to working fine.  No issues yet. But its always had: make sure you have the modules for hyperv installed. make sure that you have the network cards on static mac addresses

thanks all, will give it a go when the project goes ahead

check your pm

Create a rule on OPT2: From: * To: Not OPT1 subnet Gateway: WAN gateway This should be the only rule that allows Internet access.

I'm a teksavvy user also but I have their IPv6 service turned up also.  Let me know if you need any screencaps of my config if you go down that road.

The only way it could work is if you also had outbound NAT fake the source so that the second server sees the firewall as the source of the traffic. Otherwise the far-side server would respond directly to the request, and the client would drop it.

Did you go into your pfsense firewall > rules > Lan and put in a rule to pass traffic to anywhere? The fact that you can ping things inside the network but not outside makes me wonder about your firewall rules.