Ok, I switched back and have the ADSL line as default.

Here's another bit of info, which may or may not help…..

When WAN1 & WAN2 are online (I confirm by pinging them from outside the network), I then try to ping their respective gateways directly from the pfsense box, and I get replies (as i should).

However, when I try to ping google's IP through WAN1 I get reply, but from WAN2 it times out.

This happens regardless of the fact, whether I have loadbalance setup or not.

Any ideas?  Thanks.

WAN1Ping.jpg
WAN1Ping.jpg_thumb
WAN1PingGW.jpg
WAN1PingGW.jpg_thumb
WAN2Ping.jpg
WAN2Ping.jpg_thumb
WAN2PingGW.jpg
WAN2PingGW.jpg_thumb

Have a look at VLANs…

...in a multi-WAN environment:
http://doc.pfsense.org/index.php/HOWTO_setup_vlans_with_pfSense

...and here for a basic setup:
http://networktechnical.blogspot.com/2007/04/pfsense-how-to-setup-vlans.html

I changed my DNS servers to both use the public ones as suggested. I went back through the loadbalancing and failover services and changed out my static ips for the dns servers. Now everything seems to be working again. I will update this tomorrow after I connect the primary WAN directly to our modem (shouldn't make a difference).

Thanks

Bob

Enabling "Static route filtering" under System -> Advanced solved the Problem.

Hi all
I'd the same problem, so I'd checked all my configuration:

I disabled all my own rules: some of these no longer needed I followed the official doc: http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x with a difference: don't check the "sticky connections" checkbox! To browse is impossible with this option: but I don't know why…

Bye

Folks, thanks for your help!

The general idea is to use a single port on the switch with only tagged traffic.  This port connects to the upstream device (pfSense, another switch, whatever).  It carries the various networks over a single physical link, but each is tagged independently.

If my switch was in the middle of a chain of 3 switches, i guess 2 ports would be ok for this? (At the minute, I only have 2 switches, so this question I'm asking doesn't really apply atm)

On the switch, each port is assigned to groups of VLANs.  For most devices, you want them to exist on a single VLAN.  For those ports, you specify the VLAN to use for untagged traffic and remove the port from all other VLANs.  That way, even if the device sends a tagged packet, the switch won't allow the traffic onto the VLAN.

So in terms of our HP switch (Mine is a 1800-24G layer2 only), what setting does your quote above refer to? Uncheck VLAN aware? Or/And just make the port a member of NO VLANs but ONLY set the PVID? (See where I'm getting confused here?)

For some devices, you may wish to have it be accessible on multiple VLANs, but not route between them.  To do that, you setup the port to use only tagged traffic and only make the port a member of the VLANs that it should be allowed to participate in.  The device is then configured to set an IP per VLAN and disallow routing.  Unless you are doing something really complex, this probably isn't something you will need to do.

No need for this at the minute, but thanks for explaining. My switch is only layer 2 so it's probably a bad idea for this anyways (Unless I didn't care about the single device routing between the 2 VLANS)

The main gotcha with VLANs is that VLAN tag 1 is almost always special in some way.  For the HP switch I have (2800), VLAN 1 is the default VLAN and is the one on which all the management services run.  That particular setting is configurable on my switch, but many other switches don't offer a way to change it.  To be on the safe side, use VLAN tags other than 1 for your actual networks.

Understood :)

Other solutions described here:
http://doc.pfsense.com/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

I dont think your plan to redirect traffic with a transparent bridge will work.

How i would solve it:
Use a pfSense instead of the cisco.
Put the cisco in front of the pfSense.
Like this you have to do no configuration for the network and only have to do changes on the routers.

yes. if you dont want to use the firewall capabilities of pf, just disable them.

I too would like to know, specifily the ability to set rules up for what local ip:port the traffic comes from since that is the only part I control on the PfSense side.

Agreed, add an extra nic in one of your pfS boxes to load balance your servers and resolve routing.
If you do want to make use of the second pfS box as a failover then use CARP to keep them both in sync. There are a few things to consider though…
You will need at least 4 nics in each pfSense box:
  1 x LAN
  2 x WAN
  1 x CARP pfsync
If you use a DMZ, that will need an additional NIC in each box.

You will need 3 useable public IP's on each WAN connection

the first part - connecting both WANs to one pfSense box is a no-brainer and you should do it. The CARP setup takes a bit of configuring but is well worth the effort if you have all of the required bits above.

can i have an example?

If it's not showing up there it doesn't have a gateway (and hence isn't a WAN).

I think he means this without literal translation

Hi can anyone help me
I have two DSL modems from the same company and from the same ISP (assuming he means same models obtained from the same ISP)
One modem is provisioned for 4Mb service and the other modem is provisioned for a 2Mb service.
When I check speed test (from what source?), it only shows the modem with the 4Mb service. The two connections are not combining.
When I connect the modem(s) to the TP-Link router, the speed test shows 6Mb.

Then he goes on to describe how his configuration is set up but it's not working. It sounds like he wants to use loadbalancing but if either connection fails, he wants all connections to fall over to the working connection.

I think he is using his connection as a wifi hotspot that services 20 users.

I think perhaps because of the language barrier, pictures of a proper config might be better. However, network typology will have to be assumed, and the optimal configuration suggested, to suit his clients needs (not his) since it is his clients that are complaining.

Absolutely,

It will aggregate. I have the same kind of setup with 3 WAN connections. I use SMoothwall in place of IPCOP.

After creating load balancing pools and configuring respective intefaces try a download accelerator and see the traffic graphs interfaces simultaneously. it will use everything it gets.

Bump.

For this to work, does pfsense remember which ISP a packet came in on, so that the return packet goes via the route it came in, rather than the default route? (my current tests, show it goes back via the default, which doesn't help)

It uses default route. You can do policy based routing from the Firewall Rules and choose a different gateway for a traffic handled by a particular Firewall Rule but you can not do dynamic routing based on the inbound source of the traffic.

I am not aware of any firewall capable of doing what you are trying to do.

One solution may be to dual IP the servers/services you want to publish and publish one IP to the internet connection from one ISP and the other IP to the other internet connection. Then use policy based routing to have the return traffic routed properly through the correct ISP.