Some work has been done on a dedicated DNS/DHCP server. See here: http://blog.pfsense.org/?p=244 You could also just not connect the WAN, turn off the firewall, and use the services you wanted. The 2.0beta builds should let you install with a single NIC.

http://forum.pfsense.org/index.php/topic,7001.msg39657.html#msg39657 after searching a lot! Static Routes: The dropdown for the interface defines on which interface the gateway for the remote subnet is reachable. NOT that on the selected interface is the static route applied on inbound traffic.

Well, I did some more research, and according to this post: http://www.tomschaefer.org/web/wordpress/?p=538 The user has gone to manual nat and turned on AON.  Is this necessary?  I'll change the setting today and see if there's a noticeable improvement.

Thanks guys, I'll take a look at these 2 solutions and let you know how I get on. Don't have a VLAN capable switch so I think I'll end up going for Soekris box, that way our other office can have the Alix :)

i fixed most of my problems and now the second wan interface doesnt resolve ip addresses. i have dns problems from the wan2

THANK YOU!!!!!

Do I need two fail over pools? One for cable modem to fail to DSL, and one for DSL to fail back to cable modem? When I set the firewall LAN rule to my cable modem fails to DSL it will on fail over for the 30min right after i set the pool. After that if I unplug the cable modem it will not fail over.

That static route isn't helping, I'm not sure why you've got it there but it seems totally wrong. You shouldn't need any manual static routes for failover to work properly. Is it possible your gateways don't respond to ping? Aside from that static route your configuration looks okay. If you remove the static route and still can't ping the gateways then I'd be pretty certain they're just not responding (or your configuration is incorrect) as they should be on the same LAN segment. You can watch for traffic on the interface with tcpdump if you really can't sort it out, that may point to an issue elsewhere. Aside from that static route (which I think would only break WAN1 if it were to break anything) your configuration looks okay to me, so I suspect that your WAN links are either not working at all, or the monitor IP doesn't respond to ping. For failover operation I would recommend using your two primary/secondary DNS servers as the monitor IPs if you are using the DNS forwarder (pick one for each WAN and keep it consistent). That will create implicit static routes for those addresses, one to each WAN, and will prevent the DNS forwarder from failing even though the failover has worked properly (as noted static routes are the only way to redirect traffic originating at the firewall, like DNS forwarder queries, so if your WAN interface fails the DNS forwarder will stop working otherwise). Otherwise I would manually create static routes so that at least one of the DNS servers in your pool goes out your OPT1 interface.

Thank for the reply. I've added an outbound rule for the ip of the exchange server, but the problem still exists. Is it possible that it has something to do with the load balancing? Do i need to change something in the firewall rules?

from a-diagram if i can change the interface's ip of ISP A and B's Routers to diff ip it will end this problem but … it's about to Merging the network ( two isp while still have clients ( A and B isp's clients and pfSense's clients ) ) and i can't change every clients gateway or even ip of clients if i write full diagram will be like this i can't touch the clients A , B groups ( A will not connect to B ) there some reason about not to touch it i know if i can't change all clients ip i will have to fight this problem but ... onlything i can do is put 3 pfSense ( i planing to use two devices of small os to nat it instead to use two pfSense to nat it and use only 1 pfSense to balance in case a-diagram ) Thanks. -Nito Niwatori [image: a-diagramfull.jpg] [image: a-diagramfull.jpg_thumb]

Sorry for the late reply, been busy with work. Anyway, here are the necessary pictures for the problem: [image: firewallrules.jpg] [image: laodbalancer.jpg] [image: failover.jpg] By the way, I thought the problem was because I was using Realtek cards, so I decided to buy Intel Dual Port Server Adapters, plugged them in my pfsense box and they use the fxp driver. So my setup is three Intel cards using the fxp driver for the three modems and one Intel card using the em driver for the LAN. In short, all my NICs are Intel but I still have the problem. I also tried reinstalling from scratch but still no progress. The 3rd modem traffic is really being left out. Also, I did not touch any setting under the NAT subtab, so no port forwards (because I use upnp), no 1:1 NAT, and default settings for Outbound NAT. I'm leaning towards this being a bug of the new pfsense because I was not experiencing this before. Admins and developers, can you please confirm? I would really appreciate if I can use the full bandwidth of my 3rd modem for load balancing. It just not seems right :( I hope someone can help me. Thanks.

Update: Kept the T1 on the same 4 Port NIC (along with my Public WiFi connection) and moved the backup cable modem to a separate Intel dual-port NIC (that's all I had handy for a NIC was a dual-port – didn't want to use a RealTek single port). Killed the power to the T1, and it failed over to the cable modem flawlessly within 20 seconds. Unplugged the ethernet cable from the T1 router, same deal. And then everything went back to the T1 line where appropriate. Don't know what the deal was, but it's failing over fine now. However, I do see "apinger: command (/usr/bin/touch /tmp/filter_dirty) exited with status: 1" in my load balancer status logs, so I'll have to look into that. In the future, I just need to make sure if I'm going to use cheap NICs (that Sun 4-port was less than $10), I don't put both my WAN connections on a single card as that seems to freak the thing out.

Not sure then. Maybe check the firewall rules on the LAN interface on the primary firewall. Verify the default gateway is set correctly on the secondary firewall and that you have the "Block private networks" option clears.