As an aside I would still be tempted to IPsec the traffic even though the wireless might be encrypted.

You could use IPsec transport mode for that.

I just updated to latest 2.4 hoping to use the brand new IGMP proxy.
But unlukly I'm facing the same problems.
Same errors of m4rv1n.
I read that in the past was possible to use IGMP proxy.
Is there any chance to get it working again?

Anyone?

If you don't understand my question, feel free to ask.

you may be also like it k-12 tool is a free online tool which provides help to college and school district technology directors, state leader who can view broadband services and bandwidth information for school. All IP Address ranges are technically routable. that a private network with an RFC 1918 IP range can reach the public internet without needing these private network routers to be published. You can use them with routing protocols like OSPF, BGP. https://babasupport.org/routers/tp-link-customer-service/778 provide you best solution for all technical issues that may be the router, software etc.

try: System -> Advanced -> Miscellaneous : [v] Enable default gateway switching  - check on
works for me

2.2.5-RELEASE (i386)
built on Wed Nov 04 15:50:18 CST 2015
FreeBSD 10.1-RELEASE-p24

@IB:

3. How I can check gateway state externally? In Zabbix agent or SNMP monitor I can check interfaces only, no gateway. Write own script (with ping, dpinger, etc) only? Or method for check pfsense gateway state exists? By log monitoring (see #2), or some command execution?

In Zabbix you could try adding a trigger for something like {pfsense:net.if.out[igb1].last()}=0 using the Template OS FreeBSD > Network Interfaces to tell if there's been no outbound traffic on an interface for a period of time.  I think you need the Zabbix agent package installed for this to work, but not positive.

I have something like this monitoring both WAN interfaces and it seems to do the trick.

Bill

@jbcel:

Hi burnsl,

from what I have been told here it will not work if you have your public IPs inside your pfSense machine, at least the data will not leave WAN1 and come back over WAN2 but will use the internal route from WAN1 to WAN2 - so this is not suitable to make a speed test.

If your public IPs are not inside pfSense you should set the gateway to WAN1 in a ftp rule for LAN to WAN2 IP .

Jens

Understood now.

I just spun up a free AWS instance and put filezilla on it.  (so much easier)

don't do it on floating… policy routing should be done on the interface the traffic enters pfsense on..

Yeah, that's already done. It works great with the Cisco CSR 1000v devices but I can't seem to figure out how to make it work properly within pfSense.

Were you ever able to figure out the cause of this?

I'm experiencing the same issue.

Yeah there must be something somewhere that doesn't clear that in certain cases. I have only seen the end result - never the actual event - and then only a couple of times.

Glad it worked.

The answer was indeed a missing NAT entry on the main offices Firewall.

Tanks.

I got an idea from a reddit user:

have a device on the network spoof the mac of your WAN interface and do a DHCP request on a schedule

This sounds like it could work.  Could I use something like a packet squirrel that would run a script, every day it could spoof the required MACs, do a dhcp req, then go dormant until the next day?

Since I have a switch on the WAN side to split the WAN to the two firewalls, I could just plug it into that switch.  It would pull all three necessary IPs once per day.

Is this x.x.186 network public - why are you obfuscating it?

Please draw your network.. Saying you have network A and network B doesn't tell us how you have it connected together.  Any router connected to another router should have a transit network, or more likely then not your going to have asymmetrical routing unless doing host routing on each device in what is the transit network.

I have created Multi-Wan Gateway in pfsense

Wan-1+Wan-2+Wan-3+Wan-4 = Multi-Wan default Gateway

Then Vlans are created and assigned to the LAN interface

-> Rules are created in each vlans as protocol ->  to destination ->any

same vlans are created in an L3 switch and Trunk is configured to provide access to all the vlans All the vlans are routed to the pfsense firewall

* The IP name server is the x.x.x.x(pfsense ip address) and the secondary dns is

Now internet is working in all the vlans, I am able to access the pfsense firewall via browser from all the vlans. But there is no ICMP reply for the ping. No ping to firewall or any other sites. I am unable to download any package via wget. please help me out with this problem.