Thank`s I was thinking that can it be done with vlan`s.

on ZEUS put in 10.0.0.0/22 via 192.168.125.1 or default via 192.168.125.1 on CERBERUS put in 10.0.0.0/22 via 192.168.125.65 on DEVROUTER put in 192.168.125.0/26 via 192.168.125.65 got here a 150 km ipsec vpn between 192.168.1.0/24 with localadress 192.168.1.1 and 10.141.254.0/24 with localadress 10.141.254.254 my routes are on the 192.198.1.0/24 network: 10.141.254.0/24 via 10.141.254.254 and on the 10.141.254.0/24 network: 192.168.1.0/24 via 192.168.1.1 ping is 32 milisec if i olso had 172.178.1.0/24 beheind the 10.141.254.0/24 network then on the 192.168.1.0/24 network this route had to be add 172.178.1.0/24 via 10.141.254.254 and on the machine with 10.141.254.254 there has to be a route to 172.178.1.0/24 then and from 172.178.1.0/24 there must be a route back to 192.168.1.0/24 via the gateway that has contact with the 10.141.254.0/24 network

Nice! And sorry that I didn't catch all the details from the asciiart  ::)

IFStated is already a pfSense package.  I haven't personally used it for a bit, however.

Hi, I do have it setup as described in my post and it doesn't work. If I manually change the default gateway on the OVPN server I can connect through either ISP (not at the same time though). An Ethereal trace shows that the arriving packet has a real IP address 86.1.x.x and when the OVPN server responds it sends the reply to via its default gateway, which may or may not be originating one. Tony

170212 rule 10/0(match): block in on rl1: 149.217.134.251 > 10.0.0.2: ICMP echo request, id 512, seq 59649, length 40 If I put OPT interface DHCP, IP address is 149.217.50.100 /24, and it work. If I put OPT interface Static, IP address is 149.217.134.211 /26, doesn't work. help me please

Congratulations. Great!  ;D

never mind. I was a fool without a pool.

I would add virtual IPs for your WAN /29 subnet and use 1:1 NAT to map them to internal machines. To make use of WAN1 and WAN2 just create rules for the desired traffic and set the appropriate gateway at the bottom of the "rules edit" page.

One odd thing I've just encountered, is that WAN 2 (OPT 1) is not able to connect to FTP servers. I always get a "time out". I'm using Firefox web browser to view these FTP servers. I tried FreeBSD, OpenBSD, Slackware, Debian, etc sites. (Official download link and various mirrors around the world for each project). All "time out". To make sure it isn't my connection, I connected a M0n0Wall box to it, and I was able to access FTP! I double checked by using a Linksys WRT54G router (with third-party Linux firmware installed), and had no problems with FTP. I've tried enabling and disabling FTP-Helper. As well, I've opened up ports and such…It did nothing, as I would still get "time outs". (I've sent all logs via Syslog to a PC on the LAN side, but I don't see any pf rules blocking FTP connections). Do any of you folks get the same problem?

This is specific to pfSense's policy routing approach. (As discussed in Dan's Tutorial, see tutorial section) Can's or Benefits Manually assign which service/server or PC goes to which ISP. Manual failover. (As in if one ISP fails, you manually re-assign your LAN PCs) Consolidate multiple routers into one box. (Save space and electricity) Manually distribute the users on the LAN side to available WANs. Simpler to implement in complex situations (especially with VPN connections, etc). Cannot or Disadvantages See ZGamer's comment.

I played with it and found a simple solution.  I added a script to /usr/local/etc/rc.d named lan_alias.sh, did chmod to 755 on the script, and rebooted. Script contents: #!/bin/sh case "$1" in start)       ifconfig em0 inet x.x.118.1 netmask 255.255.254.0 alias       ifconfig em0 inet x.x.116.1 netmask 255.255.254.0 alias       ;; stop)       ;; esac

Indeed, good work Dan! I'm testing your guide with two Cable (10Mbit) ISP connections here in Australia. fxp0 => LAN fxp1 => WAN fxp2 => OPT1 (re-designated as WAN2) WAN => Telstra Cable (due to bpalogin being needed) WAN2 => Optus Cable WAN and WAN2 are using DHCP. (Telstra needs bpalogin to make the connection workable, but really uses DHCP to get IP address, DNS info, etc). LAN is using Static IP as I want to manual specify which PC connects to which ISP. I guess the only tricky part is that you must be specific with the firewall rules! I'm thinking about doing a complete detailed guide for Aussie newbie users. (It should still apply for anyone with two or more DHCP WAN connections) Should I title it : "Consolidating Multiple ISP connections with pfSense" ???

@charles.regan: ok thanks. I did find an answer for my first question. Can CARP do load balancing in my setup? You can do ARP balancing but I am not sure how well it works (never tested).

sure, just a basic setup wiht some introduction what is needed, maybe a small visio drawing.  :)

Hi All, I have a fairly similar PF configuration, 2 x WAN and 1 LAN (Opt2 spare). I have so far not successfully been able to configure PF to route to WAN1 and WAN2. I have 2 Static IP's accounts for DSL, 2 Routers configured to Authenticate and both are active and data passing at each router. I can swap the routers to the WAN1 NIC and change the gateway IP and the default gateway works fine. But I have been unable to successfully set the NAT and Rules so that depending on the originating IP of a LAN PC to route to the nominated gateway. I can ping the WAN2 IP from a Lan PC, but not the Router IP or the Static IP on that account, while WAN1 works perfectly. Obviously I have a setting issue somewhere with either or both NAT, Firewall rules. I have tried following the info regarding Dual WANS, but I have had no success at this stage. I have no intention of LoadBalancing the DSL accounts, but both active all the time. Ultimately I would like to set up a Policy to route individual IP addresses/range to either WAN1 or WAN2, depending on how much traffic and downloads each individual uses. (1 DSL has small Download limit and the other has High Download limit, both 1.5/256, best we can get and it took 3.5 years to get this). But I am not sure which is the most successfuly way to configure this option. Are there any plans at some point to work into PF or a download with particular configuration templates as a base to setup PF, as this would most likely save much time trying to troubleshoot many different configuration types. Thanks for your assistance.

OK, that's what I thought but any of the actual build is currently supporting monitoring to start testing ?? The final milestone is near …. :P Gabriel

You need the following routes: at Router A: Interface LAN; subnet 192.168.4.0/24; Gateway 192.168.3.1 Interface LAN; subnet 192.168.2.0/24; Gateway 192.168.3.1 Router pfSense: Interface LAN; subnet 192.168.4.0/24; Gateway 192.168.1.1 Interface LAN; subnet 192.168.2.0/24; Gateway 192.168.1.1 Router B doesn't need any routes as the default GW of this one is Router A btw, why is there a GW at your OPT1 at Router B? You only need this if this is an additional WAN and besides that the gateway isn't in the range of the OPT1-subnet. This doesn't make sense. Delete the gateway there  ;D

by the way, i forgot to mention that this is not a office network, but 500 apartments and groving, that are sharing the same internet connection, together with cheap telephone, and cheap tv here in denmark when we began to make this network, be did a lot of thinking about the structure before we implemented it, and i think today, we are happy with our subnetting, cause we get bigger and bigger with more apartments all the time, so its nice to have done things the right way from scratch. anyway thanks for the replyes sincerely Carsten www.sundbynet.dk