Are you a commercial customer of Comcast with statically assigned ip's? if not-

Change the mac address on one of your WAN interfaces and see if that will assign you a new IP and gateway.

I haven't used a setup like yours but Ive played with different gateways from my cable company that way before they got things balanced…

If your a commercial customer call them and request it.

Could you draw a diagramm of which IP-range is where?

Create a rule on the LAN tab.
This rule should be on top of all other rules so it gets processed first.

Set as source IP your client.
Set as gateway the WAN you want to use.

From now on this client should always go over the specifies WAN.
You could refine the rule and limit it to be used only for specific ports.

Thanks got it working with the one lan. I am now trying to load balance. I have two wans coming in my pfsense, one is through ethernet and the other is wireless. I want to be able to tell it to only use a certain amount of each connection. For example on of my connections speed tests at 20,000 kbps and I only want to use 10,000 kbps. Can anyone help?

Ok, thanks. Do you think that next relase will implement this feature?

Load Balancing and Traffic Shapping can't running on same box because now the traffic shapping can't perform with Multi Wans.

Apologies for the grammar, rusty english, and too much coffee.
Setup diagram http://screencast.com/t/sjw5cQvfL
Yes, I'm trying to give OPT1 all to the pbx inside the lan.

When I configure OPT1 in pfsense like
DHCP, Bridge with NONE; the PBX can't reach the internet.
When I configure OPT1 in pfsense like
DCHP, Bridge with LAN; the PBX can reach the internet.

The problem is I can't reach the PBX from the outside. I need to be able to reach it so phones and trunks, register to it.
I created rules at Firewall/NAT saying from OPT1, port 4569, pass to 192.168.1.54
(and several other)

If you think I'm taking the wrong path and know a simpler trick/setup, I'm all open to suggestions :)
thanks for taking the time to reply.  8)

looking forward to this.

Yeah this is extremely badass if it works. I like that it won't reset on reboot.

Hopefully I'll get a chance to look into this. Others feedback is appreciated.

http://forum.pfsense.org/index.php/topic,7001.0.html

the firewall/rules part

Hi,

thanks for the answer. However, from what I understand, oubound load-balancing will not work if the WAN interface uses PPPoE directly? I've tried on 1.2 and I'm unable to add a PPPoE link to the pool. Unless this is fixed in 1.3?

Thanks and best regards,

Jonathan

But now I've added WAN3 in the form of a cheesy Verizon dynamic PPPoE DSL line. It won't do 'transparent PPPoE bridging', so out of frustration I just let it NAT and hoped the double NAT doesn't get in the way. (FYI, I do have a 'pppoe bridge mode' capable modem coming that should make WAN3 work as a public DHCP IP, but that's days away at best).

I use the DMZ function on my modem with out any problems.

The way i would start troubleshooting is to make sure it has nothing to do with current setup.
boot from livecd.
assign nics, change the gateway on default lan rule to wan3 and nothing else at all.

http://forum.pfsense.org/index.php/topic,7001.0.html

it does round robin load balancing and/or failover, so yeah
but if both of your dsl's are from the same compay they'd prob both go down at the same time
even w/ diff dsl isp's they often go back through the same telco's equipment.  I'd get one cable and one dsl for better assurance that at least one will always be available

nobody is going to hold your hand tho in setting it up, theres good doc out there, find the multi wan HOW-TO v. 1.2 doc and follow it step by step

System Advanced
[v] Enable Filtering Bridge

OPT2 configuration
enable [v]
static
bridge with: LAN

rules on OPT2
*  OPT2 net  *  *  *  *
*  LAN net  *  OPT2 net  *  *

interesting (for me) was last line - plain Linux/Windows desktop works fine without it, but my server not, DNS server was not available for LAN and other connectivity problems …

may be someone of senior comrades can comment it and my configuration also

thanks to all!

ieleja

http://forum.pfsense.org/index.php/topic,7001.0.html

Right now: no.
Search the forum since there are some hacks and howto's around on how to circumvent the problem of the same gateway.

Can you show a screenshot from your LAN rules?

If you want to access an interface directly you have to create a rule that doesnt force the traffic to the loadbalancer (since you seem to use 2 WAN's).

If your ISP supports MP (multilink PPP) I think you can just bond the connections to act as a single wan in pfsense. This can be achieved using userland ppp or mpd 5.

I'm in the middle of trying to implement this and may be confused tho, will let you know.

For anyone searching later on, I wanted to give an update on this thread.  I finally got the configuration working, and the problem wasn't because of the pfSense box.  The problem resulted because the proxy server is dual-homed to two networks that had routes between them.  Since the proxy server and the pfsense box had 2 networks in common, things were getting screwed up.

The relevant lines from my config (manually configured) are:
For the load balancer:
<type>gateway</type>
<behaviour>balance</behaviour>
<monitorip>192.168.75.1</monitorip>
<name>Proxy_Server</name>
<desc><port><servers>192.168.75.1|192.168.75.1</servers>
<monitor>For the fw rules:
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><protocol>tcp</protocol>
<source>

<address>192.168.75.1</address>

<not><destination><any><port>80</port></any></destination>
<descr>Allow HTTP</descr>
<gateway>Proxy_Server</gateway></not></os></statetimeout></max-src-states></max-src-nodes></rule>

In my configuration, I have a NAT router (pfsense) that has a LAN, WAN, and OPT1 interfaces.  LAN is set up internally, WAN goes to the Internet, and OPT1 is cross-cabled into the proxy.  The proxy server is a Solaris 2.8 Squid 3.0 box configured for transparent connections.  It has 3 interfaces, bge0, bge1, and bge2.  Bge0 goes to the internet, BGE1 goes to the same network as the LAN on the NAT, and bge2 is cross cabled into the pfsense box.  It may sound confusing, but we did it this way so the proxy has it's own public IP, and doesn't have to have traffic flow through the NAT if a client configures their browser to go directly to it (which almost all do).

The proxy server has the following ipnat rule applied:
rdr bge2 0.0.0.0/0 port 80 -> 192.168.75.1 port 3128

What I saw happening was confusing for a while, but I was able to figure it out.  When traffic from a client who was using the transparent proxy would go through the pfsense box, it would be routed correctly to the proxy server.  The proxy server would see it, and respond back but it would go through the wrong interface (bge1 rather than bge2).  This resulted in the client receiving the packets, but from the wrong source.  If I created a route to force the traffic back through the pfsense box on the proxy, it would work, but then all traffic from the proxy would go through pfsense, which is unnecessary.

Finally, from reading TONS of online material, I figured out that ipfilter would solve this problem with source based routing.  I know have the following line in ipf.conf:

pass out quick on bge1 to bge2:192.168.75.254 from 192.168.75.1 to any

This tells all traffic seen on the bge1 (LAN) interface that came from from the proxy subnet (bge2) to go back the way it came (bge2) to the ip of the OPT1.  This means that all traffic originated from the LAN goes back through LAN, and all traffic based from the Proxy-Pfsense highway goes back that way.

I know nobody may need to read about this, but I wanted to put my experience here just in case there was someone else with the same problem later on down the road.  It certainly cost me a lot of time.

I appreciate all the work others did to get me to this point.</monitor></port></desc>

your new IPs should be added as Virtual IPs, in the Firewall menu. you can then use them for NAT.

your diagram  seems to imply that you might have 2 wires coming out of the modem. this is not correct. you just use the existing wire, no problems.