I tried policy based routing which worked on failure but never switched back :/

Thanks GF. You are correct vyatta needed to be told about the routes, so not the fault of pfsense at all. Very happy this is now working and traffic is flowing nicely.

Thanks again!

:)

It will be 'statefull' for tcp and udp, keep sessions will work on both at pfsense.

See via tcpdump at console how your VPN connections are 'flowing'.
Open two consoles,one for each wan.

Also test sessions To other services like dns or http for example.

Make it in the GUI. If you are on 1.2.3, just put the target IP in the 'gateway' field on the WAN interface page.

If you are on 2.0, make the gateway entry under System > Routing, select it as default, and make sure it's also chosen from the gateway drop-down on your WAN interface page.

You're really overcomplicating what is actually a very simple setting.

the 8.8.4.4 and 8.8.8.8 will work maybe you should put a static route which interfaces will be used to go in 8.8.4.4 and 8.8.8.8  :)

Anybody got any feelings on this?

it wouldnt help on setting them on different tiers?

Hey, i made a simple guide for everyone to follow on how to setup multiwan (2x wan 1x LAN).
The guide assumes that you have already configured pfsense with both wans.
it's so simple and beautiful.
Step 1-3 sets up the load balancing.
step 4 is about giving specific computers, or ports (services) direct access to only one of the WAN's - in other words, it won't be load balanced.
This helps with certain webpages like facebook or very secure webpages.
hope it helps

thanks also GruensFroeschli! you guys are great! i'll be learning more from all of you guys, just started the box a month ago.. :)

You could post that problem here or open new topic

If you look your forum nick and under that is white box with search button next to it.
please consider using that. Policybased routing is the term what you're searching at.

And yes it can be done. just remember firewall rules work on ingress and top-to-down.

I have noted a high ping ms there - this is due a bit load. It can be as low as 20-30 and still 'fail' with 'correct' config'.

Each GW is fed into a switch then to the pfSense box - no more than 3 feet total distance from each other, tested with different switch and routers - will sit at this figure under load.

Pinging 74.125.230.100 (google svr) via a pc routed through the pfSense box will result in a 18ms ping.
Pinging the same IP via pfSense diags results also in an 18ms ping
Rather oddly - pinging a GW via the digs results in a 0.5ms ping - so why in the 70's range with the LB tool?

More 'oddly':
As I type this, I tried half/half. First 5 having unique external IPs to ping. The first being the pfSense gateway, 200, is now responding with a 20ms ping. The following 3 are 100% loss. The fifth 100% loss but 217ms ping.
Last four 'live' as still pointing to themselves.

Changing the pfSense GW to another IP makes the first in the list go offline - with 19ms ping.

Some randomness, with some changing state with no correlation to ping ms.

@Metu69salemi:

okay..

What you want to allow that is something what you need to decide. But now i assume that you want to allow anything

You may want create network alias to help out this rule(Firewall: Alias) goto your lan rule tab(Firewall:Rules:Lan) and create rule
Action: Pass
Interface: Lan
Protocol: any
Source: any
Destination: Your newly created alias
Destination port range: any
Description: Write descriptive name

all the advanced features isn't needed currently, if you don't need any scheduling, or different gateway etc

Nope, nothing advanced, I just basically want the firewall to be absolutely transparent for everything on the LAN/WLAN side and to only really be active between the WAN and the LAN/WLAN.

Does that make any sense?

I'm running PFSense 2.0 now, if that makes any difference.

So what exactly does a Firewall Alias do and why would I want to use it in this case? I'm just trying to understand the concepts that I'm using so I will be able to do this on my own next time.

-RS

Hi, this is a simplied diagram. Bridge 172.16.0.3 are far far away from pfsense (its a PtP link with 172.16.0.2)

net.PNG
net.PNG_thumb

Or, if, you have problems with "sticky connections", can create a Failover GW group and use "policy routing" to direct all "problematic" traffic to that group, i think this approach is better than have all "problematic" traffic routed to one GW.

VLAN 101:  Switches, Firewalls Huh
Network:  10.10.1.0 /24
Switch IP: 10.10.1.1

1. assume ur pfsense has wan ip x.x.x.b/zz and wan gateway is x.x.x.a/24 and lan ip is 10.10.1.10
2. connect lan into access port belongs to VLAN101 make sure it is not trunk port
3. create another gateway having ip 10.10.1.1 named LANGW
4. create static route of 10.10.2.0 /24 using gateway LANGW I.E FOR ALL OF YOUR VLAN
5. open firewall nat click Manual Outbound NAT rule generation and SAVE
6. after generating automatic rule add similar rule for all vlan networks

hope u will get internet from lan
let me know

Looks like it.