Help? Pretty please?  :P

What version are you running? Are you currently running any custom static routes?

The you need to disable NAT only on the PTP interface. So go to outbound NAT rules, select automatic rules which generates NAT rules for all interfaces. Then switch back to manual outbound NAT rules. It shows you all the rules and then you probably only need to delete the rules for the P2P interfaces - on both sites. But the static routes on both sites must still be configured. And the firewall rules on the P2P interfaces must allow traffic from the other site.

Add the port to squid's list of safe ssl ports.

@jimp: At the moment we don't have a good solution for that. You could try your hand with OpenOSPF, but it has some quirks. Quagga does support BGP but we don't have a GUI for it yet. I had problems with OpenBGPd + Quagga in combination when they both try to route public IPs/areas ( I hoped that OSPF could manage our AS "internally" and BGP does the public connections)… They changed "foreign" routes each other and so they provoked crashes of the other service each. So best is to use them in non conflitctable networks... e.g. we use BGPd for public IPs and OSPF for internal networks only (192.168.x.x).

OK I removed the gateway from the VOIP network, and it's routing just fine now, thanks.  ;D

You can't do that with CARP. You need both WANs on both units if you want to use CARP. If they are actually isolated on the LANs and don't do CARP, then using a dummy interface between them may work fine if they both treat it as a WAN and have appropriate NAT.

I sent the isp an email asking them this. Let us know what you find out from them. I'm tempted to try RouterOS. They told me this: The issue with your MLPPP setup was due to an upgrade we made in our system. We copied the existing running config, and it appears that with the upgrade, additional changes had to be made. The reason that your connection was not working when your second modem was active was due to both of them attempting to run as individual circuits and not being bonded. The next time either of your circuits drop, the MLPPP bundle should disable and the circuit single circuit should still work and depending on how your router functions, no changes should be needed. I will try disconnecting one line myself and seeing what happens later.

For those interested, I figured out a workaround to my issue… I added the following to the end of /usr/local/sbin/vpn-linkup... route add -net 192.168.1.0/24 192.168.13.253 It's a hacky way to do it, but it adds the route when the pptp connection is established.

That means it's not plugged into anything, or not plugged in with the right kind of cable (xover or not), or bad cable. Doesn't have link.

I think letter "a" is the answer. Basically what im trying to do is Im trying to access an AP(10.0.0.91) in my LAN2 Subnet (10.0.0.1/24) from my LAN Subnet (192.168.0.1). I configured a firewall rule in may LAN2; Action: Pass Interface: LAN2 Protocol: ANY Source: 10.0.0.91 Destination: 192.168.0.3 Other Options: default. But Still I cant access its web configuration. Help PLease

That is interesting, since my setup is the same, and that sounds kind of like what I have going on. What I just can't square with that, though, is that just flip-flopping the monitor IP (which also restarts apinger) resolves the issue. I do find some of the log entries upon changing the monitor IP interesting (10.x.x.x is cable gateway, 96.x.x.x is cable upstream router, 192.168.x.x is wireless gateway, 71.x.x.x is wireless upstream router): Jun 5 14:35:23 check_reload_status: Syncing firewall Jun 5 14:35:24 php: /system_gateways.php: ROUTING: setting default route to 10.x.x.x Jun 5 14:35:24 php: /system_gateways.php: Removing static route for monitor 96.x.x.x and adding a new route through 10.x.x.x Jun 5 14:35:24 php: /system_gateways.php: Removing static route for monitor 71.x.x.x and adding a new route through 192.168.x.x Jun 5 14:35:24 apinger: Exiting on signal 15. I'm going to do some searching on that and see what I can come up with.

If it's using mDNS, and I'm not sure if PLEX does, you'd need to use something like avahi.  I'm using it now for mDNS on two physically separate LANs and it seems to work as expected.

In your first drawing you had 192.168.11.0/24 addresses on the links to both gateways. So I guessed that you did not have this setup already. When yyou say: don't want to change something I'm not supposed to it makes me think you have a production network running at the moment, with some version of connections close to what is in the drawing. If that is the case, then you are going to need to find some "late night" down time and make sure to backup all config before changing/testing. From my head, the process is: Set LAN address to 192.168.11.26/24 Set WAN address to 192.168.111.27/24 and add a gateway to 192.168.111.250 - it will be the default gateway "by default":) Assign OPT1 to the NIC for the backup link, give it 192.168.211.28/24 and add a gateway to 192.168.211.254 Edit each gateway, specify an alternate monitor IP that is on the real internet and responds to ping  (e.g. 8.8.8.8 and 8.8.4.4) - it is no good monitoring just the 192.168.n.n gateway addresses, they are likely to be up all the time. Add an alias that includes all the private networks you are using. The easy way is to make an alias "Private192" for 192.168.0.0/16 Add a Gateway Group "MPLSpriority" - make WANGW tier 1, OPT1GW tier 2. Add a rule on LAN, before the allow all rule, that says: source LANnet destination not Private192, gateway MPLSpriority (the gateway for a rule is in the advanced section of the Firewall Rule Edit GUI page) What have I forgotten?

Ok, so am I understanding that you are dumping 5-6 separate networks into one (non-vlan'd) switch? If so, what would motivate you to something like that? The noise you hear is Dave Sincoskie spinning in his grave.