I have read a lot of posts (not all) to try to figure out what I'm doing wrong. I probably missed the posts with the answer!
My specific scenario is maybe a bit odd.
I'm running pfSense 2.0.1
I have a PC with 5 NICs.
1 is for LAN and 4 are for WAN.
My ISP gives me up to 5 DHCP addresses, and each IP address is limited to 20 MBit. They do sell it as a 100 Mbit Internet connection, which is right if you combine all 5 addresses.
That's why I'm trying to load balance over the 4 NICs (if I get this to work I will get one more interface).
All WAN NICs use the same Default GW.
I would also like to be able to set up Dynamic DNS on each WAN interface.
Before I tried to set up this pfSense firewall I used 5 TP-Link TL-R460 (http://www.tp-link.com/en/products/details/?model=TL-R460) routers connected to the same 192.168.0.0 network, mostly to be able to use 5 IP addresses with Dynamic DNS. Then I used port forwarding to different computers and ports on the 192.168.0.0 network.
So this is what I have done in pfSense.
First I assigned and enabled all interfaces, and changed the name from OPTx to WAN2 to WAN4 and I renamed WAN to WAN5.
All WAN interfaces are configured as Type DHCP and to block Private Networks. Everything else is blank.
Under System -> Routing I have 4 Gateways named WAN2GW, WAN3GW, WAN4GW and WAN5GW, one for each interface with the same Gateway IP, but separate Monitor IPs that point to public sites.
WAN5GW is my Default GW
In Groups I have one group called Out where all WANxGW are marked as Tier 1 and Trigger Level is set to Member Down.
In System -> General Setup I have a Hostname and a domain. No DNS servers specified but I Allow DNS server list to be overridden by DHCP
Going to System -> Advanced and the Tab Firewall/NAT I have Bypass firewall rules for traffic on the same interface under Firewall Advanced, and I have Disable NAT Reflection for port forwards and Disable NAT Reflection for 1:1 NAT marked under Network Address Translation.
In the Tab for Networking I have checked Disable hardware TCP segmentation offload and Disable hardware large receive offload.
In the Tab Miscellaneous I have checked Allow default gateway switching
And no changes under the Tab for System Tunables
Then off to Firewall and NAT, where I have nothing under Port Forward yet, and nothing under 1:1.
Under the Tab for Outbound I have changed mode from Automatic to Manual and pfSense has created manual mappings for me, three for each WAN interface:
Auto created rule for ISAKMP - LAN to WAN5
Auto created rule for LAN to WAN5
Auto created rule for localhost to WAN5
And so on for each interface. The reason I did this was a post about a problem with Automatic rules in pfSense 1.2.3.
If we switch over to Firewall and Rules I have no Floating rules. For each WAN interface I have the rules to Block private networks and Block bogon networks.
In the Tab for LAN I have the standard Anti-Lockout Rule and the Default allow LAN to any rule.
I also added a rule for ICMP to 18.104.22.168 (google.com) which is set to use WAN4GW. This is only for testing if ping goes through WAN4GW instead of WAN5GW, which is the Default GW.
In my Dashboard I see all 5 Interfaces with a Green up arrow and a DHCP Address for each WAN interface.
Under Status -> Interfaces all WAN interfaces look the same except for WAN5, which has an extra row with ISP DNS servers. This makes me wonder what happens if WAN5 goes down. In my case that's not likely to happen because all WAN NICs are connected to the same switch. But the monitor IP for WAN5 may go down while my ISP actually is UP?
Over to System -> Gateways, there is only WAN5GW (Default GW) Online with RTT 45.191ms and Loss 0,0%, while WAN4GW, WAN3GW and WAN2GW are Offline and all have RTT 0.000ms and Loss 100.0%.
If I check under Services -> DNS Forwarder I only have Enable DNS forwarder
And at Services -> Dynamic DNS only WAN5 is green and has the correct IP, while WAN4, WAN3 and WAN2 are red with IP 0.0.0.0.
If I try to ping google.com from my computer on the LAN network it works fine if I don't enable the rule for ICMP to google.com through WAN4GW, when I enable the rule it stops working.
I guess I have missed some major settings or is it not possible to have Multi-WAN through the same Gateway?
Please help before I lose all my hair!
A long post, but I guess you need more information. Let me know and I will get it.