Which documentation did you follow? How do you test? How does it not behave how you expect?

This is called policy based routing. Traffic from the LAN will be handled by the rules on the LAN-tab. You can specify in a firewall rule to which gateway traffic should be sent. However, even if you dont want lodbalancing, you might want to have failover in case one of the WANs goes down. For this you create a normal pool, but chose "failover" instead of "balance". Then select in the firewall rule the failoverpool instead of the gateway directly.

Most of those dyndns services require some sort of client to update their site with your current DHCP'D address.  I didn't see any client with pfsense so where / how does the IP get updated when the provider changes it?  Maybe you could use DNS to create a record to your dynamic assigned address such as mysite.dyndns.org which has your updated Comcast address. Example mydomain.com (Static from Speakeasy)  DNS www IN A <your public="" ip="">www IN A <mysite.dyndns.org>This would allow both ip's to serve your website however, if one fails 50% of the traffic will be sent to the failed one since DNS will round robin the serving of IP's.  Also even if you were to get a service that would update your DNS record when the other failed there is no guarantee that other servers have not cached the static one so they will return the wrong IP anyway.  My advice, if this site is kind of important to your home office or/ business, is to simply get it hosted.  There are some cheap hosting providers out there and your site will probably only go down based on something you did.  Simple google search found http://www.top-10-web-hosting.com/.  For $48 a year its easier than worrying about when your residential service will go down. From your other post you will almost always have access to your site b/c you have redundant outgoing connections.  This is probably the best solution.</mysite.dyndns.org></your>

Ok, I switched back and have the ADSL line as default.

Here's another bit of info, which may or may not help….. When WAN1 & WAN2 are online (I confirm by pinging them from outside the network), I then try to ping their respective gateways directly from the pfsense box, and I get replies (as i should). However, when I try to ping google's IP through WAN1 I get reply, but from WAN2 it times out. This happens regardless of the fact, whether I have loadbalance setup or not. Any ideas?  Thanks. [image: WAN1Ping.jpg] [image: WAN1Ping.jpg_thumb] [image: WAN1PingGW.jpg] [image: WAN1PingGW.jpg_thumb] [image: WAN2Ping.jpg] [image: WAN2Ping.jpg_thumb] [image: WAN2PingGW.jpg] [image: WAN2PingGW.jpg_thumb]

Have a look at VLANs… ...in a multi-WAN environment: http://doc.pfsense.org/index.php/HOWTO_setup_vlans_with_pfSense ...and here for a basic setup: http://networktechnical.blogspot.com/2007/04/pfsense-how-to-setup-vlans.html

I changed my DNS servers to both use the public ones as suggested. I went back through the loadbalancing and failover services and changed out my static ips for the dns servers. Now everything seems to be working again. I will update this tomorrow after I connect the primary WAN directly to our modem (shouldn't make a difference). Thanks Bob

Enabling "Static route filtering" under System -> Advanced solved the Problem.

Hi all I'd the same problem, so I'd checked all my configuration: I disabled all my own rules: some of these no longer needed I followed the official doc: http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x with a difference: don't check the "sticky connections" checkbox! To browse is impossible with this option: but I don't know why… Bye

Folks, thanks for your help! The general idea is to use a single port on the switch with only tagged traffic.  This port connects to the upstream device (pfSense, another switch, whatever).  It carries the various networks over a single physical link, but each is tagged independently. If my switch was in the middle of a chain of 3 switches, i guess 2 ports would be ok for this? (At the minute, I only have 2 switches, so this question I'm asking doesn't really apply atm) On the switch, each port is assigned to groups of VLANs.  For most devices, you want them to exist on a single VLAN.  For those ports, you specify the VLAN to use for untagged traffic and remove the port from all other VLANs.  That way, even if the device sends a tagged packet, the switch won't allow the traffic onto the VLAN. So in terms of our HP switch (Mine is a 1800-24G layer2 only), what setting does your quote above refer to? Uncheck VLAN aware? Or/And just make the port a member of NO VLANs but ONLY set the PVID? (See where I'm getting confused here?) For some devices, you may wish to have it be accessible on multiple VLANs, but not route between them.  To do that, you setup the port to use only tagged traffic and only make the port a member of the VLANs that it should be allowed to participate in.  The device is then configured to set an IP per VLAN and disallow routing.  Unless you are doing something really complex, this probably isn't something you will need to do. No need for this at the minute, but thanks for explaining. My switch is only layer 2 so it's probably a bad idea for this anyways (Unless I didn't care about the single device routing between the 2 VLANS) The main gotcha with VLANs is that VLAN tag 1 is almost always special in some way.  For the HP switch I have (2800), VLAN 1 is the default VLAN and is the one on which all the management services run.  That particular setting is configurable on my switch, but many other switches don't offer a way to change it.  To be on the safe side, use VLAN tags other than 1 for your actual networks. Understood :)

Other solutions described here: http://doc.pfsense.com/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

I dont think your plan to redirect traffic with a transparent bridge will work. How i would solve it: Use a pfSense instead of the cisco. Put the cisco in front of the pfSense. Like this you have to do no configuration for the network and only have to do changes on the routers.

yes. if you dont want to use the firewall capabilities of pf, just disable them.

I too would like to know, specifily the ability to set rules up for what local ip:port the traffic comes from since that is the only part I control on the PfSense side.

Agreed, add an extra nic in one of your pfS boxes to load balance your servers and resolve routing. If you do want to make use of the second pfS box as a failover then use CARP to keep them both in sync. There are a few things to consider though… You will need at least 4 nics in each pfSense box:   1 x LAN   2 x WAN   1 x CARP pfsync If you use a DMZ, that will need an additional NIC in each box. You will need 3 useable public IP's on each WAN connection the first part - connecting both WANs to one pfSense box is a no-brainer and you should do it. The CARP setup takes a bit of configuring but is well worth the effort if you have all of the required bits above.

can i have an example?

If it's not showing up there it doesn't have a gateway (and hence isn't a WAN).

I think he means this without literal translation Hi can anyone help me I have two DSL modems from the same company and from the same ISP (assuming he means same models obtained from the same ISP) One modem is provisioned for 4Mb service and the other modem is provisioned for a 2Mb service. When I check speed test (from what source?), it only shows the modem with the 4Mb service. The two connections are not combining. When I connect the modem(s) to the TP-Link router, the speed test shows 6Mb. Then he goes on to describe how his configuration is set up but it's not working. It sounds like he wants to use loadbalancing but if either connection fails, he wants all connections to fall over to the working connection. I think he is using his connection as a wifi hotspot that services 20 users. I think perhaps because of the language barrier, pictures of a proper config might be better. However, network typology will have to be assumed, and the optimal configuration suggested, to suit his clients needs (not his) since it is his clients that are complaining.