  • pfSense is working great and I've managed to figure out how to route between vlans but I have one issue left to resolve. I have 4 WAN connections and would like to have policy based routing for outgoing connections, (port forwarding would still work right?). For instance I have "Users", "Staff" and "Servers" and need each of them to use a predefined WAN connection. With the vlans below I can route between the vlans but for some reason I can't get the vlans to use the proper WAN connections. They all seem to use the main WAN connection and not the one I set, even when I try to use "Advanced NAT" and define rules for each WAN connection. So here is the layout:

    WAN Connections
    DSL1: - Users
    DSL2: - Staff
    DSL3: - Extra, would like this to be failover for the other DSL connections.
    T1: plus 4 extra IP's, - Servers (Port forwarding for mail, web, etc.)

    Internal Networks
    VLAN 10 (Users) =
    VLAN 15 (Staff) =
    VLAN 20 (Servers) =

    pfSense Interface Assignments
    sk0 : LAN :
    sk0 : VLAN10 :
    sk0 : VLAN15 :
    sk0 : VLAN20 :

    sk1 : OPT1 (T1) :
    re0 : WAN (DSL1) :
    re1 : OPT2 (DSL2) :
    re2 : OPT3 (DSL3) :

    As I said I can route traffic to other VLAN's but I can't seem to get the outgoing part to work right. (I'll post screenshots of rules when I get back to work). Hopefully I can get the VLANs to use the proper WAN connections and still have the VLANs communicate with each other. Anyways thanks ahead of time!

  • One way to accomplish this without fooling with AoN is to set up the default outgoing rule on the interface and select the appropriate gateway from the dropdown box. If you just want to choose the gateway per network this should be fine for your needs. This has always worked for me, have you tried it?

  • I'll try to do as you mentioned again and see if it works now. One problem was that the DSL modem was broke but still functioning enough to mislead me into thinking pfSense was the problem. Now to test and show some results. Thanks!

  • Yep it was all my fault. I got confused about the order of the rules on each interface, (I have a total of 5 physical interfaces and 3 VLAN interfaces). So I removed all the extra interfaces and did it one WAN connection and one VLAN at a time, using my laptop and spare system to test internet connectivity. I'll post a example of the configuration when I get a spare moment. Also I must say this was actually really simple and provides more functionality than any other router/firewall solution. Thanks for the help.

