Now I Feel Like a big jerk…... when I switched networks,  never bothered to change my gateway on my bittorent server.  just a simple route del / route add, and the packets are flying........
Everything is flying down the right paths and which is nice,  I think I can do just fine right now with what I have,  not bad for my house

BTW..... this is a wonderful project.  Keep up the good work.  If you every need a half wit like me to beta test I will......  just be warned RTM is going to be my first tatoo

This has been covered 4 times.  I am not kidding.

Please search.

A PIII 500Mhz can do 80Mbps to 90Mbps with just a single WAN connection (WAN->LAN, LAN-WAN), using packet filteirng and NAT.
(Same with a VIA C3 1Ghz…But I was using Intel NICs)

Once you start adding things like Squid, Samba and such, it drops down.

It won't be a problem for 2x 10Mbps lines.

@charles.regan:

I think i'Ve found the problem.
my monitor ip where all the same for all gateway.

i've checked the routing table and the route for the monitor ip was rl3.
that should explain the problem. weird that it worked since version 0.6.

what should be the monitor ip ?
if my gateway is 201.120.51.1, can I use 201.120.51.1 as the monitor ip ?

thanks

It will add a route for the monitor IP to the refferenced gateway. If you enter always the same monitor IP for all gateways it will overwrite the previous route and you'll end up with only one route. The monitor IP should be different for each gateway. You should set the monitor to a hop near you at the appropriate interface. Depending how your connection is set up the gateway IP or the first hop after your gateway might be a good choice.

VIPs of type ProxyARP and Other might work depending on the way your connection is set up. For the command line type alias you'll have to wait for 1.1.

Guys – monitoring is currently broken.  We're working on a fix.  This should be set to go in Beta 3 which is scheduled for release tomorrow but this issue may push us back to Sunday.

I could uploaded them on my server with your name and stuff if you'd like… :)
Just contact me! :)

thanks figured it was something simple.

just when i did status.php in m0n0wall all my routing entries went back to loopback and had no direct route. So i thought i had to add them "statically" using the iproute command.

I recommend upgrading pfSense to the latest snapshot (as of Apr.1/06); it has an olsr fix.
As for the questions, I also am interested in any answers posted.
-pc

The "alias" VIP-type will be in pfSense 1.1. CARP only works if the additional IP is in the same subnet of the real interface IP. If that is the case it should work. You'll need additional firewall rules for the CARP IPs to allow this traffic depending on the rules of the Interface the additional IP is configured on.

Hi,

Thanks for your answer sullrich .. and thanks for compiling my kernel ;)

I fixed this updating with the latest cvs release.

Now it worfk fine :)

Regards,
ron.

You only were referring to the wifi clients accessing the dsl modem in your previous posts. Actually a lot a whole bunch of routes is needed at pfsense1, pfsense2 and the DSL modem if the Modem should be accessable from everywhere.

add the routes you need at system>static routes.

Thanks for letting me know what truely was the limitation on DHCP. I assumed it not working was deeper than the problem of always having your gateway address change. Everything appears to be working great now. and time to start digging/tweaking some of the other features.

-Phatty

Hi again,

There are some problems with the Squid package (or maybe not) and probably the inerent rules it creates (that I don't know how to see them).

To have access from a workstation to the Net (HTTP, HTTPS, FTP) with or without Squid I had to:

1. configure Squid in transparent mode (still I can use it manually by chosing de IP from pfSense and the port 3128 (I usualy chnage the Squid port to 3328).

2. Service -> Squid ->Network Access Control - Allowed Subnets -> 192.168.1.0/255.255.255.0

3. Edit /usr/local/etc/squid/squid.conf and change the line "http_access deny !pf_networks" to "http_access allow pf_networks". This was the only way I found to get HTTPS and FTP, besides HTTP, working under Firefox with a manually configured proxy.

I don't know if this helps anyone or anyone can help me.

Best Regards,
Joao

thanks !

Able to open incoming connection from internet to lan for spesific port via Port Forward and NAT 1:1 via WAN interface.

Some questions:

FTP download is very-very slow on WAN interface from internet (already open TCP FTP and TCP 55000-60000 for Passive FTP). Unable to ping the OPT1 interface from any (already open ICMP connection to it's IP). Unable to ping virtual IPs on OPT1 interface from any (already open ICMP connection to it's virtual IP).

Userland applications on FreeBSD are not multi wan capable (in a nutshell).

The reason we get multi-wan in pf is because pf bypasses the internal routing table in this case.  So when we redirect FTP to userland, we loose multi wan capabilities.  Same holds true for squid as well.