My mail server sits on an internal lan with a address scheme of 192.168.10.0/24. I have a NAT rule that associates one of my public IP's to the mail servers IP. As an example the NAT rule looks like this 62.62.62.62 -> 192.168.10.62. I then have rules on the WAN interface to open up the FW for the ports i need for my mail server (25, 465, 143, 993, 443) these rules all have a destination of 192.168.10.62.

The static IP's for the mail server comes from the WAN connection which is a static IP connection. DNS is setup to point the domain name for my mail server to the public address of 62.62.62.62

My second WAN connection (WAN2) is a DHCP connection which is load balanced with the first WAN connection. The load balance setup works and I'm able to search the internet fine and speed test result in the results i expect. The only issue I have is i cannot connect to my mail server via the internet. On the internal network it is fine.

Please let me know if you need additional information.

Thanks,
Judd

NOPE

No solution to this yet.

In fact i feel that while PFsense has matured from a codebase standpoint, it has seriously regressed from a reporting and user management standpoint.

I have felt that the PFsense team has never really focused on the user facing reporting, monitoring and telemetry aspects of this platform.

Even in the latest release this has continued in that they have even gone so far as to remove the ability to email RRD graphs to administrators.

I am forced to look elsewhere for a firewall solution so that I can properly do my job as manager of getway services for my clients.

This issue is solved. The problem was in the virtual interface assigned by OpenStack

I dropped the interface and added a new one. After configuration in pfSense the interface works fine.

This issue is solved. The problem was in the virtual interface assigned by OpenStack

I dropped the interface and added a new one. After configuration in pfSense the interface works fine.

+1
I also tend to receive multiple mails.
Known bug: https://redmine.pfsense.org/issues/4031

You can do this without RIP, it's far cleaner and more secure.  After disabling RIP, the trick is to add a return route from the pfsense box, back to the L3 switch.

Sorry for the late response, i did not find a solution, but it doesn't really matter anymore since the school project is at the end.
Thanks though for all the input!

thanks for the responces, I'm attaching a drawing of my network. If my question is a dumb question, keep in mind I'm mostly a coder but because I'm the GM of a small software company, I am the defacto network administrator, even though it's not my strength.

There is no real good reason to have the VM on network 192.168.1.0, but the test cloud infrastructure does need a seperate network with access to the internet.
to the best of my knowled there is also no need to have the PFSense FW on the network 192.168.1.0. Originally the swith had a static route to ip 192.168.3.2, but when the cloud infrastructure did not have access to the internet I added the 2nd LAN to PFSense and VM to make easier to test and trace the traffic.

Again thanks for the help!!
Carlos

network_design.png
network_design.png_thumb

Yes, update is important.  I am not familiar with Cyberoam devices but I am 100% sure that with a proper load balancing setup you can achieve the combined bandwidth using pfSense.

Okay, then. Post the logs.

I finally realized that it was default LAN Firewall rule that was only allowing packets from a LAN subnet IP address.

Add a Pass rule on your wifi interface to allow access to the printer's IP address on LAN.

https://doc.pfsense.org/index.php/Firewall_Rule_Basics

https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

post screenshots

screencapture-177-159-238-186-8443-system-php-1477333405652.png
screencapture-177-159-238-186-8443-system-php-1477333405652.png_thumb
screencapture-177-159-238-186-8443-firewall_rules-php-1477333444573.png
screencapture-177-159-238-186-8443-firewall_rules-php-1477333444573.png_thumb
screencapture-177-159-238-186-8443-system_gateway_groups-php-1477333344724.png
screencapture-177-159-238-186-8443-system_gateway_groups-php-1477333344724.png_thumb

First of all, you do not need to setup separate gateway groups for failover as well as firewall rules for the same. pFsense automatically uses the gateway currently online.
Secondly, you did not select 'LAN net' in Source in LAN rules.
Still need help ? Just give a quick reply.

xinetd is not switching anything to do with WANs. It's only handling the local TFTP proxy. That message doesn't indicate anything to do with which wan is preferred or default.

No that is not how it would be done.. Even if you wanted to use multiple pfsense, that is NOT how it would be done..

Completely agree with Derelict, this would be much easier with just 1 pfsense and multiple segments.  If have spare hardware setup a carp, etc.

Yes. Put it on an available OPTX interface.

The point is to NOT perform NAT for those addresses, Not to add a NAT rule.