you got it right, no problems

Reason is stated earlier but I'll explain further… I have a LAN provider who gives me 100Mbps download but only 10Mbps upload. They provide me with five IP-addresses through DHCP and each of the IPs each get 10Mbps of upload. Since they give me IP-addresses from a /16 net I get the same gateway on all IPs. This means if I put a firewall with five WAN-addresses and load-balance them I get 50Mbps upload. It works with 1.2.3, not flawless but it works, and I have also used Shorewall to do this job and am now asking you if I can do this with pfsense 2.0? I'm currently trying to provide enough bandwidth to host a couple of game servers and really need the extra 30-40Mbps I'm trying to get here. Sorry if I don't make any sense...

I'm not quite sure that sticky option would work for Hotmail (http is stateless), since according to OpenBSD's pf faq: This "sticky connection" will exist as long as there are states that refer to this connection. Once the states expire, so will the sticky connection. Further connections from that host will be redirected to the next web server in the round robin. I also am still unclear about the status of "sticky" feature, since until recently there were reports of problems, and 148290 is still listed as unresolved in the Current problem reports assigned to freebsd-pf@FreeBSD.org

Is this for your own network, or some service you're providing to others? (if the former, the obvious solution would be to generate all your P2P traffic on a certain host or subnet) You seem to be asking about policy routing based on daily quota per IP. I don't know if that is possible with pfsense. Also the consensus seems to be that L7 identification of torrents is very hard. Since you are in such a hurry, perhaps a simpler approach would suffice e.g. put all "used" ports (dns, ssh, smtp, imap, pop3, etc) into an alias and route them via WAN2 (cable), but  change default gw to WAN (adsl) so everything else (which by default includes P2P traffic) will flow via the uncapped connection.

What is confusing about the guide here? http://doc.pfsense.org/index.php/Multi-WAN_2.0 It specifically mentions what all you need to put in firewall rules here: http://doc.pfsense.org/index.php/Multi-WAN_2.0#Firewall_Rules As for HTTPS, which is the only thing that some people need to handle specially (not everyone), either using sticky connections (in advanced opts.) or a separate failover group for HTTPS traffic will do the job. I'm not aware of anyone needing to handle SSH any differently, unless a remote site was limiting access for SSH to only one of your multiple WANs, then you'd just need a policy route to force SSH out that specific WAN… Again, not something that most people would need to worry about.

Create the second wan at Pfsense. Assign ip/gateway at gui. Create two failover like wan-> wan2 and wan2 -> wan Assing gateway to your rules.

Hello, I think that you should use the third port of the Alix for both the second WAN and Captive portal, as long as you configure VLANs on it. This article http://doc.pfsense.org/index.php/Multi-WAN_using_VLANs_with_pfSense(and help from members here) helped me with my setup, which it is similar to yours. Kostas

PPPoA o PPPoE ?.. I'm using last release 2… I try to search.. thaks!

Problem solved!! Thank you very much.

System: Advanced: Firewall and NAT:disable firewall

nevermind … picnic error

When you hit +, it may have latched onto the OpenVPN interface and did something there. If it's restarted (even just the openvpn process) on R2 it may come back up. That's just how the assign interfaces bit works, you hit + and it grabs the next available interface, then you can change it and save to pick a different one if that isn't right.

Let me update my question, I made a mistake on my first explanation. Again, I have 1 ADSL and 1 HDSL, if I put both into a ROUTING GROUP (System->Routing->Group) using Tier1 for BOTH, I don't have the SUM of the bandwidth BUT the difference!!!!. Can someone explain me where is my error? I test it with "Member Down", "Packet Lost", "High Latency", and "Packet Lost or High Latency", in all the cases I have less bandwidth than the sum (near 5 to 7M). Thanks in advance.

In 2.0 release it is working great and without any issues. Used it on i386 and amd64.

Yes, DHCP settings are odd, but DHCP is only on for testing purposes. This setup is going to route traffic between two phone systems whose consoles need to talk to each other. ahhh… confession time, I've been a knob, but you chaps have pointed me in the right direction & I'm eternally grateful, it seems to be working now.

not to complicate this more for you, but you many also want to get two switches and split the 8 lines. Both switches would have 4 lines and 1 pf port (pf port running vlans) That may give you a little more redundancy at the switch level.

nope, got it goin already! haha, thanks!! used the group for failover of wan2towan as gateway, processed fast enough.. thanks again, hope this helps people in need.

So I made for my https following changes: created new failover gateway: [image: 77bsnb4r.png] gateway overview one for loadbalancing for all my traffic and the other failover for specific traffic needs which has trouble with multiwan connections: [image: jilr6lgn.png] and edited the firewall rule for my https traffic: [image: fjt2cdy2.png] till now everything is working as it was before w/o pfsense :-) I am going to test this setup on weekend when I have 2 separate lines for myself. So far so good thanks to all and especially u Nachtfalke - u brought a little light to my mind about rules ans failover things :-) Stev