Added a small pic for illustration. 90% of the user of local subnet uses the .4 gw. But on som ocation i wane use .x.1 gw and use the other internet access But when i do that i wane the .x.4 gw for the x.x.x.x/27 subnet that nr x.4 gw is connected to. This is because some of the web server has ip restrictions and other stuff. If i add a static route on nr 1 for the x.x.x.x/27 it applies to both internals subnet on nr 1 fw. So if the costumer on the other fw tryed to access the  x.x.x.x/27 subnet they cant, bouth because of fw rules and that the .4 fw dont know where to route that subnet. And i dont want the costumer subnet to have access to or go threw our local network to access the servers. [image: nr1.jpg_thumb] [image: nr1.jpg]

@Metu69salemi: Would DHCP Relay match your needs? It would but….  the server I'm trying to reach is on the other side of my site to site openvpn, and I get this in the system log: php: /services_dhcp_relay.php: The command '/usr/local/sbin/dhcrelay -i ovpnc1 -a -m replace 10.0.1.8' returned exit code '1', the output was 'Internet Systems Consortium DHCP Relay Agent 4.2.1-P1 Copyright 2004-2011 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Unsupported device type 23 for "ovpnc1" If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before requesting help. If you did get this software from ftp.isc.org and have not yet read the README, please read it before requesting help. If you intend to request help from the dhcp-server@isc.org mailing list, please read the section on the README about submitting bug reports and requests for help. Please do not under any circumstances send requests for help directly to the authors of this software - please send them to the appropriate mailing list as described in the README file. exiting.'

http://lmgtfy.com/?q=pfSense+2.0.1+multi+wan+loadbalancer+youtube No seriously. The first two links you can find via google on youtube… http://www.youtube.com/watch?v=n5COzizaMYQ http://www.youtube.com/watch?v=zrBr0N0WrTY

Just an update to this for anyone having the same problem. Ended up disabling NAT on the PPPoE VPN interface and it's now passing the client IPs straight through. More info at the wiki: http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F#Disable_NAT

Hi heper Thanks a million for your help I resolved the issue there was old vlan setting on the switch nothing to do with the pfsense

Ok, so your comment got me thinking, and the problem was indeed the 1:1 nat.  I could plainly see the ACK leave the mail server and then disappear into nowhere.  For future reference for anyone who reads this thread- 1:1 NAT for a single device on the LAN in a multi-wan setup won't work reliably unless one of your interfaces is already down and packets are guaranteed leave the same interface they came in on.  Good old port forwarding works just fine even when both links are functioning.

Thanks. :-) Will set the "Down" time to 30s which should be 6 pings a 5s.

thank you very much seventhson. that's good explanation. it's only the counter that is adding up WAN and WAN2. It's also good to see the total traffic.

http://doc.pfsense.org/index.php/LAGG_Interfaces

I have tested this using IP alias and it works perfectly. You probably have something misconfigured or you are misunderstanding something about how things are routing or the ISP isn't doing something correctly. Could you give us details about FW, Alias, NAT (outbound), and rules?

You have phones on one vlan and all other devices on another (desktops, printers, etc) and a PBX with a single interface. Is this correct? How is your internet access being delivered to the PBX? does your handoff hit the switch directly or is it going to your PfSense box first (physically)?

In general it works like this: you have to different gateways - one is T1 the other Cable You create a Gateway Groupo with one GW as Tier 1 and the other as Tier 2 (you did that). No need for an extra outbound rule - just create a firewall rule and select the LB group as gateway. PS: Your both WANs need different gateways or LoadBalancing will not work.

Excellent, I'll give it a go - thanks for the help :) Ok this is what I have now, [image: AuiYB.jpg] [image: M3ISL.jpg] Box seems fine but theres no bonding, but i'm getting this in the logs Aug 30 14:32:29 ppp: [wan_link0] Link: Matched action 'bundle "wan" ""' Aug 30 14:32:29 ppp: [wan_link0] Can't join bundle wan without multilink negotiated. I was told by the ISP that they support bonding and thats why they sold us the second line as we couldn't get any faster lines.

Hello, trying a lot past days, but no fix found for my isseu. internet     |     | modem 213.0.0.9/29                   |                                         Pfsense IP: 213.0.0.10                     |                                |                     |  subnet: 192.168.1.1                     /       Centos: 213.0.0.11 Above the connection how i want it to be. i got a modem from my provider, PFsense whit 2 ethernet ports, switch: whit a subnet, and 1 machien the Centos. How do i get a outgoing IP adres on true the firewall. I hope i explain it ok. thanks for looking. Vincent