Simply plug in the "secondary" router into a LAN port of your existing network. Could be directly on the pfsense box, then you'll need to fire up an additional interface. Or, it can even be on your LAN switch. All you have to do is give the "secondary" router a different subnet than your pfsense LAN network.

@monocleitsolutions FYI - Just to be clear Policy routing has yet to actually work at all.

That can be done with outbound NAT in pfSense. Firewall > NAT > Outbound By default it is working in automatic mode. To apply manual rules, switch into hybrid mode first and save it. Then add a new rule: interface: OpenVPN (or a specific one you may have assigned to that OpenVPN instance) source: the clients IP (CIDR) or the clients network destination: the servers IP translation: interface address

And this computer was flooding the network with broadcast? Lets see this broadcast please via a pcap.. So can load it into wireshark. But how would have anything to do with pfsense? Just set a pc to use that IP thernet adapter Ethernet 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller #2 Physical Address. . . . . . . . . : 00-13-3B-2F-67-62 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 128.0.2.50(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Enabled No flooding.. Pfsense has no control or say in what a client puts on the network..

@pfrickroll said in Dual WAN Failover doesn't failover back to WAN 1 [Resolved]: It all works now but I have now new problem, IP Phones. I would suggest you start a new thread on this one.

well we solved the problem by this way , first create a script to check if the default route is still exists or no then if does not just add it :) I add a cronjob for this though fixgw.sh : HOSTNAME="$(hostname)" if ! [ $(route -n show 0.0.0.0 | grep gateway | cut -d ":" -f 2 | cut -d " " -f 2) == "10.10.10.1" ]; then route add -net 0.0.0.0/0 10.10.10.1 ; fi [image: 1601930467476-fixgw-pf.png] fixgw.sh.txt

@jonefc said in 3rd and 4th Lan Ports for internet: Any ideas. I think you need to understand first that these are separate interfaces...(OPT1 / OPT2) they do not depend on the LAN,...... just because it has Internet access by default (the LAN) forget your "bridge" idea - you presented above set each interface separately and give them a "default allow rule" as shown on the LAN (copy is good ....because fast) review the DHCP setting and cable connections... say review the DHCP logs and connect your cable to the ports step by step

Good to know, Thanks for the reply!

It has 6 independent ports so you should be fine. Each interface has its own firewall rules (or there can be floating rules). For multi-WAN see https://docs.netgate.com/pfsense/en/latest/multiwan/index.html

Feature request for this: https://redmine.pfsense.org/issues/4881

Looks like the installation was broken. I had some messages of libreadline.so missing or something like that, at first was only php but then I found unbound wasn't starting because of that. Upgraded to 2.4.5 (reinstalled, to be more precise) and not the firewall rules appear to work as expected.

@fredmoped said in Static route overwritten?: IPTV_INSIDE when you make a firewall rule under IPTV_INSIDE, there is an option under Extra Options" / "advanced options" where you can chose the default gateway you don't need to set static route, start with a any/any rule with gateway IPTV_GW [image: 1601367524354-immagine22.jpg]

OK, I refined this. Here's what seems to be absolutely necessary. This is about 20K' overview so if anyone wants details I'll provide happily. PFsense setup for linked routers Routed RIP on both WAN and LAN set up and working 3rd network connection physically linking two routers, same subnet, separate IP addresses gateway configured for the physical link between the routers, pointing at the remote IP address for the link static route to remote router's LAN, pointing at gateway from #3 on physical link network, configure these rules: A) remote network IP to LAN network B) Routerlink network to any c) LAN network to any d) IPv4 ICMP protocol enabled for all (allows ping testing) Configure this way on both sides, and you should work. :)

@viragomann I solved it by compiling in the WAN interface "IPv4 Upstream gateway" and saving again "Automatic outbound NAT rule generation. (IPsec passthrough included) " Automatic rules have been created Thanks

Can only operate on the information given. First step: Firewall > NAT, Outbound Switch to Hybrid mode. Create a DO NOT NAT rule on WAN for source 99.xxx.254.40/29. Create a new inside interface. Number it 99.xxx.254.41 /29 Put hosts on that interface on 99.xxx.254.42 - .46 /29 gateway 99.xxx.254.41 Make firewall rules on the interface to pass the desired outbound traffic.