@terminaladdict:

running beta2 on DOM

will the config be seamless?
can I install on another DOM … boot, then load my saved config
I assume the config defines interfaces rules, ipsec settings, static routes .. everything

no idea what DOM is, but you can restore your config.xml from beta2 to a beta4 or RC1 box.  You will want to remove the load balancer config and recreate it.  There were MAJOR load balancer fixes after beta2
Beta 3 summary: http://hitormiss.ucsecurity.com/index.php/2006/04/17/pfsense-10beta-3-is-out/
Beta 4 changelog (on vacation, I didn't write a summary): http://cvstrac.pfsense.com/rptview?rn=24
RC1 changelog (not yet released): http://cvstrac.pfsense.com/rptview?rn=25

–Bill

OK. Just in case anyone does develop something regarding multi-wan FTP, I'm willing to do the tests.

Better yet, create an alias called cannot_balance or something similar and create a rule to force the traffic out a specific gateway.  Whenever you encounter a site that doesn't work very well simply add it to the alias.  Easier than adding rules for every edge case.

Will double NAT not have any latency issue?

One question, I would like to understand the following sentence, which appears on the "Firewall: NAT: Outbound" page.
"With advanced outbound NAT disabled, a mapping is automatically created for each interface's subnet (except WAN)."

Since I haven't enabled NAT at all yet, pfSense is supposed to be generating the necessary mappings. However, pfSense is not supposed to be creating mappings for the WAN interface (as stated in the quoted sentence). But then, how come I can access the Internet via the WAN interface?
That's the only interface where I currently require NAT to function.

By the way, I don't have a router "in front of me". The pfSense firewall is actually "in front of me" and is acting as a router/firewall.
Note that 10.0.2.0/16 and 10.0.3.0/16 are the same subnet 10.0.0.0/16.

Also, I'm not using a DMZ. Hence, I couldn't really grasp what you meant by "Using the DMZ IP for the pfSense WAN forwards everything to the pfSense and you have full controll there.". Can you please elaborate?

Routing is done via firewall rules (policy routing).  So I don't see why not.  Check out the multi WAN tutorial and how-to's on the website.

http://faq.pfsense.com/index.php?action=artikel&cat=1&id=162&artlang=en&highlight=disable%20nat

Firewallrules will only let the traffic through you specify, so no, unless you set it up wrong it won't route the whole internet ;-)

If this server is accepting natted connections from the outside it will stay on the wan the connection was established.

To make sure any other traffic from this IP will always run on a specific WAN create a pass rule with source <ip-gameserver>port <any>destination <any>port <any>gateway <preferred wan="">You can add those rules depending on püort, destination, source….the gateway specified is the WAN that will be used outbound. This way you can send specific traffic to WAN1, other traffic to WAN2 and the rest loadbalanced between WAN1/WAN2.

Make sure you have correct order of the rules as the rules are applied on a first match basis.</preferred></any></any></any></ip-gameserver>

@hoba:

I'm not sure if this will show up there if you use a mode other than accesspoint.

I assume that you didn't believe me when I said that my WISP is broadcasting it's MAC
addresses.
However you can check it here on this link www.panonnet.net/
Please click on 'MAPA' at the bottom of the page.

Ah, damn, I feel like a dumbass. I don't need to be up this late, haha. Network 192.168.0.0 is on a router on the LAN interface. The LAN interface network is 10.0.201.0

Dear Group,
I appreciate your help, I am still having the same issue I can't seem to resolve, duplicate SYN ACKS  ???
Anyway my rules could be at fault ?

@vd:

Thanks for you answer. I really thought that pfsense could be a solution for my problem. What a pity.

Thanks anyway

Regards

Vincent

Replace the watchguard with pfsense?

–Bill

Ok, a lot of thanks  ;D

You have to add multiple VIPs at wan and then use 1:1 NAT to translate the IP-Ranges. However this is extremely "dirty" but if that's your only way to do it…  :-
I guess you need "ProxyARP" or "CARP" as type "other" doesn't involve macreplies.

@RoboK:

HI, what abou t your problem with FTP. I have the some problem with listing FTP site if I ahve configured and working Load Balancing. Any ideas to resolve it?

FAQ.  FTP does NOT work with load balancing.  Search the faq before asking questions.

you can put as many IPs in the pool your hardware can handle (nics, cpu-power,…) It's plain roundrobin. You can fake some "weighting" by entering some of the gateway IPs twice in the pool (A,A,A,B if you want it weighted 3:1 for example), and yes, already established connections will remain at the same gateway they were originally initiated.

Thank you CraigRoy for your detailed description.
I was fighting with the same problem and finally your case study helped me to solve it.

Solved/moved:
http://forum.pfsense.org/index.php?topic=677.msg6547#msg6547

Turned out to be only a matter of the way it was tested. It seems that it worked right from the start :)