Yes, I did.

With a lot of reading here and setting up 4 or 5 PC's on the test bench with pfsense running I managed to get it working to a point where I was able to proove to myself that it was conceptually possible.  I just need to get a handle on firewall rules now and some of the finer points of pfsense.

So, multiple LANS is possible that are kept separate from each other, this is done by firewall rules.

From your post#6, it looks like you're doing only port forwarding?
I'm not an expert on this, but if you're trying to map those ip to internal server/system. You can add those ips into VIP as proxy arp and add NAT1:1

Interface:WAN,  External IP: x.x.x.179 , Internal IP: 192.168.100.3,  Description: Server 1
Interface:WAN,  External IP: x.x.x.180 , Internal IP: 192.168.100.4,  Description: Server 2

LAN1 (any host) to LAN2 pfsense interface and hosts - ping ok
LAN2 (any host) cannot ping pfsense LAN2 interface but can ping LAN hosts.

Only when I am in LAN2 that I cannot ping the LAN2 gateway (pfsense interface LAN2 IP)

any other hosts can ping both LAN1 and LAN2 pfsense interface

The attached file is broken.
(Not openable with OpenOffice Spreadsheet or Excel 2003)

would it be possible to knock up some drawing that shows your network and what is connected to each network interface?

[EDIT]
Thinking about this some more the most likely cause is that you have set all three (WAN, Opt1, Opt2) interfaces to bridge. check the "Bridge with" parameter is set to none for eac of the interfaces

Thanks

Thanks again - will relocate to vip forum.

I may have misunderstood what you are trying to acheive, here is how I understand it.

Host A on local network goes through WAN interface and sees OpenDNS setting apprioriate for WAN derived traffic.
Host B on local network goes through Opt1 interface and sees OpenDNS setting apprioriate for Opt1 derived traffic.

How I would acheive this first I would switch off the PFsense DNS forwarder.

next I would add the OpenDNS server IPs either statically or through DHCP to the end hosts.

Then have rules that constrain traffic for each host goes through which WAN.
You can still use failover if you wish to provide it for any services that do not require DNS lookups for initiation or during use, such as MSN, games etc….

If you have a lot of hosts I would go one step further and create an Alias list for the two groups and pop in the hosts that you want in each list.

Cheers

Paul

Don't know how mission critical your install is.
I would give it a shot but I could live with an hour's drop out for reinstall if need be…

Consider packages used and the amount of configuration that's not out-of-the-box. Anything special in your setup? But yes, it's still an RC.

@ktims:

No, and the pfSense box itself won't use policy routing, so it'll still be trying to route out the WAN interface. Clients behind it should be able to route though. The load balancer doesn't change the system routing table, it adjusts the policy routing rules instead, which don't apply to traffic originating at the pfSense box.

This was my big mistake…i did the testing on the pfSense box itself...

Thanks! The DNS forwarding worked like a charm. I did have to input each site separately, but it fixed the issue.

@GruensFroeschli:

yes.

Thanks MAN

In 2.0 there are "Interface Groups" where you can join multiple similar interfaces together. I believe you can still have separate interface-specific rules when using groups.

You can probably use this to accomplish the task, but it isn't something that will find its way back into 1.2.x.

No.
The loadbalancing in pfSense does not work directly with multiple gateways.
Essentially you create a loadbalancing pool and assign multiple gateways to such a pool.
Then set as default gateway this pool.

You can't add multiple gateways in the same subnet directly.
But with a little hack it's possible.

@http://forum.pfsense.org/index.php/topic:

1: Create a balancing pool and add a dummy-entry.
2: Download the config.xml and find the part with the info you add.
3: Copy/Paste your dummy entry and fill in the real gateway/monitor IPs.

As monitoring IP use one of the immediate hops on your ISP's side.
You cannot have the same monitoring IP for different WANs.

4: Restore the config.xml.

more_info/screenshot:
http://forum.pfsense.org/index.php/topic,9422.msg53290.html#msg53290

afaik upnp forwards only from the primary WAN.

If you search with following keyword "on any opt" you'll find it

You need 3 IP's for the setup….. 1 public IP, and 2 extra for the redundancy.

http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)

@jhp:

Ah! Of course! I set it up to work with CARP since my external addresses are all virtual ones. smacks forehead

I'll try to get into work early this week to create a new rule for 10.2.x.x and test it. The rule is only presently set to 10.1.x.x which would certainly explain the problem.

Thanks!

This Rocks… I had the same problem.. and it now works .... THANKS!!!

Yes I did and I do have a rule in my ATTWan that I have disabled, if I don't add the rule to the LAN tab then the traffic for that rule does not get routed properly out the correct interface, it defaults to the WAN interface everytime.  The only way that I have been able to get it to go out a particular interface is by adding the lan rule for the ip and then pointing it to the ATTWan gateway.

Andy