You don't need to do anything special.  Automatic outbound NAT works just fine with portal clients.

thx for your reply

@Derelict: Set OPT1 to /24, Check DHCP, check NAT, make sure your pass rule is there on OPT1 and it'll work. Well… I didn't have DHCP checked for OPT1. Needlessly to say I feel like an idiot, but thank you so much. It works now  ;D [image: DHCP.JPG] [image: DHCP.JPG_thumb]

If it is routing from LAN to WAN and you haven't done anything special, pfSense is performing NAT. You're going to have to reconfigure your network so you can route directly from the CP clients to wherever you're going without going through NAT.

Well - I don't typically go around telling people how to double NAT their pfsense on purpose, but I've not another good answer to your problem.

Well I managed to figure out a way to get this to work. I had to doo two things. 1. Add the default gateway on the lan interface. Please note that doing this alone will not give the desired result. In fact, clients lose internet connectivity if nothing else is done. 2. Add a static route to the update server. After I did this, I could now update packages and the clients regained internet access. Is this the desired behavior?

try this option in squid custom options tcp_outgoing_address 127.0.0.1 should work, and try to search the forum you will find many helps.

This is probably better directed to a ddwrt forum.  Everything you need to change is in ddwrt.

Create a new gateway of 192.168.160.9, then create a new route to direct all traffic destined to 10.6.0.0/24 to that gateway.

New connections would flow via the newly activated WAN, old connections would be left alone.

we did a fresh install and no the access via Webfront does not work any more. any ideas what is wrong?

Hi, Could not see that option there.  Suggestion of editing XML file worked a treat, just used Excel to construct all the strings and pasted them in. Also used this method for a couple of other things, such as interfaces for VLAN's, worked a treat and has save a LOT of time. Menus are a little overloaded now though, wish there was a way to make them display/sort better! Roofus [image: 2014-09-12_09-42-37.jpg] [image: 2014-09-12_09-42-37.jpg_thumb]

Yep, the problem was with WAN being detected as down. After changing the monitor IP to an outside source, WAN was detected as up and PFSense would automatically (and very quickly) switch traffic back to WAN when WAN2 went down. It looks like PFSense will try to push traffic even when it does not detect a live gateway. So when it detected both gateways down it would try pushing traffic through the higher tiered WAN2. I have solved my own problem. Though that is good it has denied me of any wisdom you guys could have given. But this won't be the last problem I will run into so until next time  ;D FYI Sprint runs some heavy NAT on all their devices. They use a wide range of IPs between your phone\modem and the internet. I found this out one day when I was trying to forward ports through my phone. The app I was using was reporting an odd IP that I did not recognize as Sprint's. A quick search online told me the IP belongs to the CIA. After a heart attack and some more digging I found that Sprint uses this range as part of their internal routing.