OK I have made some progress on this. It seems there may be a compatibility issue betweem my Linksys Router (Model BEFSR41V4) and pfSense Loadbalancing. At this stage I am not sure if it is an inbuilt firewall rule on the Linksys Router (which prevents pings after a certain amount of time) or the type of Broadband Cable connection I have. In Australia my ISP (Telstra Bigpond) utilises a unique Heartbeart Signal/Authentication System (a real pain in the behind). Anyhow, I changed routers (i am now using ipcop to connect to my ISP) and loadbalancing works fine. I will do more investigating and try and get to the root of the problem and post here if successful.

The difference between policybasedrouting and multiwan is not that big. You even can use both simultaneously (send some special traffic out WAN, other special traffic out WAN2 and use loadbalancing for everything else for example). The main difference is that you use one of the interface gateways as gateway for your firewallrules or a pool of gateways as gateway. When to use which: There are some special applications that won't work well together with loadbalancing (https, pptp, ftp,…). You should use policybasedrouting to make these go out only one of the WANs. Other applications can be distributed across both WANs without issues.

No luck without the workaround :(

This is completely wrong. You don't need any static routes. You need the subnets in the tunneldefinition the way I posted them. IPSEC has nothing to do with static routes or if you want to see it this way: it will "somehow create the routes" the way that you specify the subnets in the tunnel definitions. I haven't noticed a DHCP client bug yet but I have to admit that I either use static IPs or PPPoE connections everywhere. However PPPoE is dynamic with 24h forced disconnects by the provider with IP-Change. PPPoE works fine this way. Anybody else noticed DHCP client problems with portforwards/firewallrules?

Let's assume your DNS-Servers ar 1.1.1.1 and 1.1.1.2 for WAN and 2.2.2.1 and 2.2.2.2 for OPT-WAN. At system>general enter one DNS Server of WAN and one of OPT-WAN like 1.1.1.1 and 2.2.2.1 Then at system>static Routes add a route: Interface OPT-WAN Subnet 2.2.2.1/32 Gateway OPT-WAN-Gateway (either look this up at status>interfaces or at interfaces>OPT-WAN if it's static). Save and apply.

thank u everybody for ur help! I finaly route and make my dhcp serveur up!  ;)

@j2sw: I was reading on some other threads about Dual Wan and 1:1 Nat. We just moved up from a single wan to a dual wan setup. I am used to going in, adding a 1:1 Nat, adding a firewall rule to pass traffic to the host, and adding the proxy arp. From what I read the Dual wan setup requires port forwarding to work properly? Is this true?  If so any tutorials I am missing? Thanks, Justin I suspect most people don't have actual IP blocks in their multi-wan configs, just single IPs, so 1:1 nat's are in infrequent use.  I think you'll be ok to do 1:1 via one wan.  You should also be able to specify a port forward range of 1 to 65535, which from the outside would achieve the same result.  Inside out, you can just use regular advanced outbound NAT to map the internal workstation to a given IP on each WAN. –Bill

This setup is not supported unless you use vlans and a vlan capable switch.

Thanks to all responders

That should just work fine though if the webproxy is the only thing you need you should have a look at the squid package. Maybe you get it up without smoothwall in the same time that you would need to set up pfSense with smoothwall in this scenario. Is the smoothwall transparent proxy? There is one thing in this scenario that is not that nice the way you painted it: If you want to forward something from one of the WANs you have to configure the passthrough at the smoothwall and at the pfSense. I would suggest a setup like this:   WAN1       pfSense LAN--+------smoothwall   WAN2            |                   +------clients If the smoothwall can't be run with only 1 Interface try this setup (you will need 4 nics in your pfSense for this):   WAN1    OPT2-----------------------------+       pfSense                              |   WAN2    LAN--+------LAN/smoothwall/WAN---+                 |                 +------clients You can either block Internetacces from LAN to either of the WANs on port 80 or even redirect it back to the smoothwall. The smoothwall itself then will send the requests out via it's default gateway, the OPT2 Interface of the pfSense. I have this setup using an IAS as proxy at a customers location.

At shell when you run pftop you should see the monitorpings every few seconds. Besides that there is really nothing much about this setting. It should just work (and does for all my loadbalancing setups just fine). Don't have firewallrules issues either.

You can either use a nat rule, but the squid proxy box has to be on a different interface or it will not work. Or use DHCP to assign a specific interface a different default gateway and make the squid box static. I know theres other topics in the forum on this as I discusses it before and and a squid box running at one point.

OK, I've got browsing on all machines, by changing the Source on the ADSL connection to ADSL Net I think I have it all working now :) This can be deleted if needs be and I apologise for unneccesarily posting

Thanks Hoba, I will try to test.

Ok. Let continue. I presume you can ping the OPT1 interface from the SSH interface (option 7). You should be able to ping other devices behind the OPT1 interface, also. To be sure : give these devices a static IP (192.1968.2.x in your & my case) - check if they haven't any restrictive firewalls activated on them. For instance, I use a couple of AP's (192.168.2.2,3,4,5,…), attachad to my OPT (Hotspot network) and they accept only (local administration) traffic comming from 192.168.2.1, my OPT1 IP. I don't want my 'hotspot clients' to start administer my AP's  ;) Btw: You're saying/using "OPT1 net" as an alias (see post below) - check it twice if your usage of aliases are correct. Use hardcoded adresses instead (192.168.2.0/24) to test.

Reinstall.

@hoba: Did you already have a look at status>rrd graphs? It's included in core, no package needed for that. I think I dont; If I remember I've seen the Traffic Graphics, that one that are updated live; I'll check this! Another simple question; I'm using squid and would like to know how can I use word black list for urls?? Thanks again and I must say that every new feature discovered shows me that I make the right choice for the firewall… contratulations for the tool. srs

You should shut down NAT to make the clients at LAN1 and LAN2 see each other by it's local IP (go to firewall>nat, outbound, enable advanced outbound nat and delete all custom mappings). Set the gateway at pfsense1 link1-1 to pfsense2 link1-2 (WAN). Same procedure for the OPT1 there (with according settings). You also should add some pass any rules to all interfaces. Then at pfSense create a gatewaypool consisting of link1-1, link2-2. Use this pool as gateway for the lan rule at pfSense1. Set this up vice versa at pfSense 2. Oh, and disable block local subnets at both wan interfaces. I hope that makes some sense and I haven't forgotten anything. I would be interested if that actually works. Give some feedback  ;D