I am sorry for confusion. This case is resolved. The problem is with crappy IE whatever version. In FF and Chrome all messahes on PFSENCE are OK. Just did a cron job according http://forum.pfsense.org/index.php/topic,25732.45.html and all is done well. Thank You Pfsence forum for a great job. This is one of the best forum site with OPEN source ever used. Thank You guys. Regards, MST

I don't see anything in your original post that would suggest that you want to bridge interfaces. Unbridge them and make firewall rules as follows: LAN interface TCP  LAN net  *  Server  80  *  * *      LAN net  *  !OPT1 net * *  * OPT1 interface TCP  OPT1 net  *  Printer  9100 * * *      OPT1 net  *  !LAN net  *  *  * The above rules assume that your server is listening on port 80 and the printer on port 9100; you'll have to adapt them to your situation. Use automatic outbound NAT.

Your hosts don't need any vlan configuration. If you have hosts plugged into ports 11-15 on the switch and you want them to be on vlan 15, you simply set 'switchport access vlan 15' on fa0/11 – fa0/15 in the 3500.

have you considered putting both WAN interfaces on each pfsense box and use carp to failover? alternatively, you could have pfsense box 2 be tier2 of a failover on pfsense box 1, and vice versa.  You could load balance and failover also.

I have a similar setup. WAN – x.x.224.55 (pppoe) LAN -- 192.168.x.x OPT1 -- x.x.225.178/30 The client connected to OPT1 is x.x.225.177/30. Automatic NAT is turned off in pfsense and I have created an outbound NAT rule on WAN for 192.168.x.x, so the host on OPT1 is routed without NAT. That takes care of the routing. Now for the vlans. I'm a little less familiar with vswitches, but on the pfsense side I would use one NIC for the LAN and create 2 vlans on the other NIC for WAN and OPT1. You'll have to do something in esx to trunk the 2 vlans to the one NIC.

It only works only on the WAN if you use the FTP-helper. If you disable the ftp-helper on all related ports, configure manually a passive port-range on the server and then forward 21 and <your_port_range>from WAN and OPT1 you can access it from both. Also see: http://doc.pfsense.org/index.php/Howto_setup_ftp_server_behind_pfsense</your_port_range>

There might be a way to do this with squid, but not in our GUI, and your second WAN would need to have a static IP. Not sure about the others, but I know Pandora is 208.85.40.0/21 and Rhapsody is 207.188.0.0/19. Doing this by IP range is really the only viable way without a proxy. By the time any direct connection could be inspected, the connection to the remote server would already be established so it could not be rerouted at that point.

yes, if that doesnt work try putting LAN2 net for the destination, also have a default any-any rule in there

So again (i hate that), I am speaking to myself … According to this post: http://forum.pfsense.org/index.php/topic,29657.0.html my planed setup should work. BUT, according to this posts: http://forum.pfsense.org/index.php/topic,5439.0.html http://forum.pfsense.org/index.php/topic,21077.0.html http://forum.pfsense.org/index.php/topic,11155.0.html http://forum.pfsense.org/index.php/topic,26479.0.html and this bug-report: http://redmine.pfsense.org/issues/729 there are annoying behaviors in bridged setups with more than 2 interfaces. So could someone give me some hints regarding: Lets speak in pfSense words: WAN1 --- WAN   (NAT)   LAN  --- LAN1 --- Switch --- if_lan              pfSense                               Multih. server WAN2 --- OPT1 (BRIDGE) OPT2 --- LAN2 -------------- if_wan I do not want that anything from WAN-LAN is traversing to OPT1-OPT2, means no TCP/IP no ARP no … nothing. Regarding above posts and bug I am not sure with that. To make it clear: My intention is to have "2 firewalls" combined in one box. The 2 walls should be seperated as much as possible. Is this possible with pfSense? Thanks. Regards, CD

I see. I was hoping for something more automatic, but I guess I'll have to wait for 2.0 and pray that sticky connection will work there. Anyway, thanks a lot! I'll keep that in mind.

You need two wan interfaces on different subnet's http://doc.pfsense.org/index.php/MultiWanVersion1.2

In short, my current traceroute looks like this: 1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1] ** 2     8 ms     9 ms     9 ms  isp-router.isp.net [123.x.x.234]**  3    17 ms    18 ms    25 ms  server-nat-address.my.net [x.x.x.65] (this is actually my pfSense box using NAT)  4    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65] (this is the server the address is 1:1 NATed to) But I want it to look like this: (I don't want packets from the inside to go all the way to the ISP router, I want them to bounce straight from my router to their destination, if they're one of my addresses) 1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]  2    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65] So first, is this possible?  If so, can someone please tell me how to get my pfSense box to do it? Thanks in advance.

Doh! I solved my own problem. It was totally a "layer 8" issue. For some reason, I stupidly set the netmask on the WAN connection to 32 bits! Setting it to the correct value (in this case, 26) fixed the problem and gave me back a default gateway in the routing table. I hope that helps some other fool like me.  :)

Sorted with update to v2.0

http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x