PfSense 2.0 with 2 internet connections online.

  • Hi everybody,

    I have pfSense 2.0 with 3 interfaces:

    em0 - WAN1 - (Gateway:
    em1 - WAN2 - (Gateway:
    em2 - LAN -

    I don't need load balancing, I just need the FW to answer through the same interface the packet came from. I'm not sure if a "failover" setup would work this way, and where to set up weight 1 for GW1 and weight 2 for GW2. (I know you can do this with Linux & iproute2 but not sure with BSD.)

    If I initiate the connection from the LAN, the GW with weight 1 should be used.

    Is this possible with pfSense 2.0?

    Thanks in advance.


  • Rebel Alliance

    Check the Docs:

    hint: check the tier part

  • Hi ptt,

    I did read that, I just didn't quite understand the tier part.

    If I create a GW-group with both gateways, assigning tier1 to GW1, tier2 to GW2 and with "member down" with the trigger level should do the trick? Or maybe tier1 to GW1 and 'never' to GW2? Or 'never' to both?

    Sorry I don't get to see it!


  • Rebel Alliance

    Let's say:

    WAN1 --> 1mb
    WAN2 --> 2mb

    If you want load balancing (you also get failover, because when a member is down it's excluded from the group):

    WAN1 & WAN2 must be on the same TIER (TIER1) and you must set the weight to 1 for WAN1 & 2 for WAN2.

    If you use "Member Down" as trigger, and you don't care about having a WAN unused, you can set WAN1 to TIER1 and WAN2 to TIER2, but all the traffic will go through WAN1 and WAN2 will be active only when WAN1 is down.

    I will try first with both WANs in TIER1, and using the "Use sticky connections" option in "System: Advanced: Miscellaneous".

    And if you have problems with some traffic, you can use "Policy Routing" for that traffic.

  • Hi ptt,

    I've not answered anything yet because I'm playing around with the info you gave me.

    So far it looks good, I'll let you know the results as soon as I'm finished!

    Thanks again :-)


  • Brother, how do I make a rule so that if we play a game we use WAN1, and if we are browsing etc. we use WAN2? I don't know. Please give me an example or picture. I am a newbie.

  • Hi jundi49,

    I'm on a train heading back home. I'll be glad to post some screenshots on how to set that up tomorrow from my office.

    Meanwhile, what games are you going to play? You'll have to set up outgoing rules from the LAN interface (or whatever IF the connection is being originated from) and select different GATEWAYS depending on the destination IP & PORT.


    Src: LAN Subnet.
    Src Port: ANY
    Dst: ANY
    Dst Port: 80 / 443.
    GW: Web browsing gateway. (aka GW1)

    Src: LAN Subnet.
    Src Port: ANY
    Dst: Gaming Server IP
    Dst Port: ANY
    GW: Gaming gateway. (aka GW2)

    This would send web traffic through GW1 and gaming traffic through GW2.

    Maybe it sounds a little fussy but it's not hard at all. As soon as I can, I'll post a couple of images you'll understand right away. (If you haven't already.)
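
An added example (not part of the thread and not pfSense code) that models how the two LAN rules in the post above are evaluated: pfSense checks the rules on an interface tab top to bottom and the first match decides the gateway. The LAN subnet, the server address and the catch-all rule are constructed placeholders, and protocol matching is left out.

```python
import ipaddress

# Constructed placeholders: the thread gives no addresses.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")       # assumed LAN subnet
GAME_SERVER = ipaddress.ip_network("203.0.113.10/32")  # assumed gaming server
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules in tab order (top to bottom). ports=None means "any port".
# "default" is an assumed catch-all with no gateway set (routing table decides).
RULES = [
    {"name": "web", "src": LAN_NET, "dst": ANY, "ports": {80, 443}, "gw": "GW1"},
    {"name": "gaming", "src": LAN_NET, "dst": GAME_SERVER, "ports": None, "gw": "GW2"},
    {"name": "default", "src": LAN_NET, "dst": ANY, "ports": None, "gw": "default"},
]


def select_gateway(src, dst, dst_port, rules=RULES):
    """Return (rule name, gateway) for the first matching rule, or
    (None, None) when nothing matches and the default deny applies."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip not in rule["src"] or dst_ip not in rule["dst"]:
            continue
        if rule["ports"] is not None and dst_port not in rule["ports"]:
            continue
        return rule["name"], rule["gw"]
    return None, None


def move_to_top(rules, name):
    """Return a copy of rules with the named rule first, others in order."""
    return sorted(rules, key=lambda r: r["name"] != name)


if __name__ == "__main__":
    host = "192.168.1.20"  # constructed LAN client
    print(select_gateway(host, "198.51.100.7", 443))    # ordinary web site
    print(select_gateway(host, "203.0.113.10", 27015))  # game traffic
    # Game server reached on 443: the web rule is higher, so it wins.
    print(select_gateway(host, "203.0.113.10", 443))
    # With the gaming rule moved above the web rule, GW2 is used instead.
    print(select_gateway(host, "203.0.113.10", 443, move_to_top(RULES, "gaming")))
    print(select_gateway(host, "198.51.100.7", 53))     # falls to the catch-all
```

If the game server is also reached on port 80 or 443, the gaming rule has to sit above the web rule for that traffic to leave through GW2.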

