Thanks for your guidance, I have followed it,and I can get ping of the gateway of WAN2  now. I have set the PPPoe in the router,and set it as WAN2. but after I can not connect to the internet after stop WAN. Any advice?

@stevemitchell: Yes, I inherited this mess from another person who is no longer with the company. We have gotten it down to a list of 10 or so routes of larger subnet masks, which should be better than 100 :) Oh those are always fun. Well, at least you got it down to 10. @stevemitchell: Also, I bought the book last week and read the entire thing this weekend.  Well done - and I did see the CIDR details in it as well. Great, thanks!

Lan and wan are bridged. I just turned off the advanced option "Bypass firewall rules for traffic on the same interface" Did not help. What I have found out is that my Mcafee firewalls on our clients have started treating its own subnet as an un-trusted network. I do not know if this is a coincidence it happened the same day I installed the pfsense firewall. To fix it I had to manually put in the IP address for the trusted network on each machine.

That works! I don't know why I didn't think of that. I did have a lot of ports to forward, but aliases make it a little simpler. I control which gateway is used for the servers with a LAN firewall rule like all the user systems now. I tried using outbound NAT rules, but it seemed to break everything as soon as I enabled it. I can't create firewall rules to use a virtual IP as the outgoing gateway. I guess I will keep a 1:1 NAT mapping for my mail server. Obviously the mail server needs to send mail from the IP which its domain resolves to, which I think was why I started using 1:1 NAT to begin with.

@eihcet: Lastly, has anyone purchased the PFSense book, is it mainly a hardcopy of the WIKI guides online or does it expand upon items like this? The wiki guides aren't all that great, they were written by outside contributors. The multi-WAN coverage in the book is extensive, and written by the person who has done more of those setups than anyone (i.e. me  ;D), it's far and away better than anything freely available. @eihcet: However, when it gets to the gateway section I can only select gateways from the drop down list, of which none are the right option and I can't manually type in a gateway address… My choices are: Default 10.1.10.1 LoadBalancer Wan1FailstoWan2 Wan2FailstoWan1 I've got it working now using a failover rule "WanXFailstoWanY".  The guide makes it seem as though you can specify just the one gateway and if there is a failover it'll just block the traffic The individual gateways as you have them configured are there, 10.1.10.1 would be your OPT WAN, and default is your WAN. If you pick one of those it will behave as you describe. If that gateway isn't right, your interface isn't configured right.

There isn't any way to properly accommodate shaping in that scenario at this time.

You could, with caveats. Reconnection wouldn't be guaranteed to get the same server if the previous connection was closed and expired from the state table. It's best to use either something like Citrix for that, or MS NLB, but it should work.

Please login to forum  and  You can view image…

The VPN is just Routing and Remote access that is a Windows Server Role.  I do not physically get two IP addresses when I connect to the VPN, but I can ping both sides by dns or IP.  I get a .0 address, but can not RDP or go to the web portal of anything on the .10 network.  I am not sure what you mean if this is bridged.

which date of snapshot are you using? Sounds like this issue, possibly: http://forum.pfsense.org/index.php/topic,19763.0.html If so, upgrade to latest snapshot.

They do not have any static routes. Just the simple VPN connection back to the Netscreen 25. The 25 handles all the routing for the remote VPN connections. The Issue is I cannot find any way to tell the Netscreen to send all its traffic out the local Ethernet interface to the pFsense box The pFsense box can route to the netscreen just fine. And to recap I can ping sweep across all subnets from the home lan but they cannon ping me at all. Thank you so much for the help!

Thanks for that advice.  I altered the setup to use 2 real interfaces on my alix and configured a separate switch port to send the data for the VLAN to the second real interface.  Routing now works. I think this may be a better approach for another reason also; My understanding is that, since the NIC chips in the alix board don't natively support tagged VLAN, there might have been performance and/or MTU issues the other way.  This way, the switch can do the work of untagging the frames and PFSense just routes. Jeff

@ermal: You need to specify for rules regarding server X the no state otherwise pfsense will block the traffic because of the state keeping. I'm totally new to pfsense, might you have some example URL's or more information. Thanks so much. Mike