• Understanding load balancing and fail over

    Locked, 6 Posts, 3k Views

    Bridge the modems and use DHCP at your pfSense. Make sure all WANs have DHCP assigned before starting to configure pools and it should work. The main problem with that config is if a link goes down, as pfSense will add static routes for the monitor IPs to the corresponding WAN. However, if the interface goes down and the lease is released, the gateways disappear and it might be problematic to detect a link-up then. As far as I remember from my lab testing it still worked for me though.

  • Tri-Wan Setup

    Locked, 5 Posts, 3k Views

    Correct, the only thing that doesn't work too well with multiwan is the traffic shaper (of 1.2, but this will change in 1.3, see the shaper bounty thread).

    For now the only thing that you can do is run the shaper wizard and configure the bandwidth in the following way:

    WAN upstream = real upstream Speed of WAN
    WAN downstream = Sum of all WANs (WAN+OPT1+OPT2)

    The problem with this is that the WAN downstream actually is shaped outgoing on LAN. As LAN will have access to all WANs for downstream, you should add all the WAN speeds or you won't be able to make use of the full speed of all WANs.

    This is not the optimum of course but it works better than without shaping at all on my 3 wan setup.

  • Additional Subnet to WAN-IP

    Locked, 4 Posts, 2k Views, GruensFroeschli

    No, I understood you correctly.
    I think you should reread my post :)

    Have the IP to which your /27 subnet is routed to directly as WAN-IP.
    Add the additional IP on your WAN as VIP.

    Define the IP of the OPTx or LAN (or whatever the interface of your /27 subnet is called)
    as one out of your /27.

    If you enable advanced outbound NAT you can define manually what should be NATed from where to where, or what should NOT be NATed.
    In your case you DON'T want to NAT your /27 to WAN.
    If there is no entry in the AoN table for the subnet it won't be NATed, but routed -> which is what you want.

    Maybe you could write which steps you took and I can help you from there.

  • (Im nood) Help me config Dual ADSL ?

    Locked, 4 Posts, 3k Views

    You have to create gateway pools that consist of your WAN gateways. However, something looks wrong with your subnets, as your wan2 gateway is not within the wan2 subnet.

  • Test setup (Traversing a private network)

    Locked, 3 Posts, 2k Views

    Right GruensFroeschli, you can do that with a single WAN and editing the pool configuration in the config.xml manually. It will be possible through the GUI in 1.3, as seth rewrote the gateway code to be much more flexible. Please note that you won't be able to edit that pool through the webgui once you have modified it manually in the config.xml, but that should not be needed anyway.

  • Load balancer status in yellow color?

    Locked, 5 Posts, 3k Views

    Search the forum for "server loadbalancing". Also have a look at http://devwiki.pfsense.org/wikka.php?wakka=IncomingLoadBalancing .

  • Dual Wan both pppoe adsl connections.

    Locked, 6 Posts, 5k Views

    Get a modem that supports the so-called "half-bridged mode". You will enter the PPPoE credentials at the modem and the modem will then hand out the public IP via DHCP to the pfSense behind it. It won't do double NAT or firewalling, so it usually is more stable than the routers that you are talking of.

  • Dual WAN, adding OPT2 for wireless/dual LAN ?

    Locked, 9 Posts, 4k Views

    thanks.. changed the rules to have gateway * and added static routes to WAN and OPT1 DNS servers and I can get online now from OPT2 subnet, through WAN only of course.. going to fiddle with it and see if I can get OPT2 to use the LoadBalance instead of only WAN

  • Multiple WAN firewall rules

    Locked, 6 Posts, 3k Views

    I think proxyARP will use the same MAC address for traffic. If they route these IPs to you anyway regardless of a MAC address you also can use type "other".

  • Internet Connections fails - Time to time & Low bandwidth

    Locked, 19 Posts, 7k Views

    Sorry, didn't see your comments on the 2nd page..

    Any suggestion for this…?

  • Opt2 subnet being blocked

    Locked, 2 Posts, 2k Views

    Try to traceroute back and forth and check if the routes are different. This will break statefulness. Maybe you are missing a route somewhere or your multiwan rules are sending out packets to the wrong gateway.

  • Load balancer failover stopped working

    Locked, 2 Posts, 2k Views

    What kernel are you running and is this a multiprocessor/core system?

  • PPPOE and DHCP on some interface, broadcast routing

    Locked, 4 Posts, 2k Views

    The DNS forwarder will just work like a DNS client running on the pfSense. It will first use the first DNS and only if that one fails use the second DNS, unless you have mappings for dedicated domains to use a special DNS server.

  • Sending through wan receiving through opt1?

    Locked, 3 Posts, 2k Views

    thx

  • Dual WANS and Gateway Question

    Locked, 4 Posts, 2k Views

    Can you show us what you did and what looks the same? Some ISPs have their DNS servers directly in the same subnet as the IP that you get from them. In that case no route is needed of course.

  • Dual WAN + Dual LAN - *quickly solved*

    Locked, 3 Posts, 2k Views

    Changed it to 192.168.0.1 and it worked like a charm. My bad, for testing I was putting it in the same network space as the LAN interface = bad idea.

    Thx

  • Same Gateways

    Locked, 4 Posts, 2k Views

    Virtually with a single pfSense? No. Virtually with vmware running 2 pfSense systems? Yes, but you shouldn't run a security sensitive device like a firewall in vmware. Search the forum for discussions why this is not a good practice.

  • LAN_Guest -> WAN_DSL outbound NAT no workie

    Locked, 3 Posts, 2k Views

    I had a rule that looked like this on LAN_GUEST.

    *  LAN_GUEST net  *  ! All_My_Internal_LANS (not including LAN_Guest)  *  *

    That was stopping it for some reason. Even though the traffic never touches/sees/passthroughs/ any of the other LANs, it was still blocking it.

    I reordered it, putting this rule above it (it used to be at the bottom)
    *  LAN_GUEST net  *  *  *  WAN_DSL

    Now it works. Any ideas why that is?

  • Route Redirection

    Locked, 2 Posts, 2k Views, dotdash

    Yeah, the PIX will not send traffic back OUT the interface the traffic came in. This is by design, but sometimes it's a PITA.
    PfSense will work fine, just add the static route and check the box under advanced for static route filtering.

  • BGP Awareness

    Locked, 2 Posts, 2k Views

    We have some customers using it, which is why we can't put them on PfSense. Would be a nice feature.

    I guess PfSense was not really made for this type of environment. Not many people that would use this for a firewall have BGP or even know what it's really for… We have a webhost company that requires BGP and would love to use PfSense but they need something stable with BGP.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.