Create an 1:1 nat on firewall -> nat -> 1:1 with your WANX (one that nobody is using) and your ubuntu ip address, this will enable all traffic to, from, your server.

If WAN1 is dedicated to your IP phone, why don't you use 1:1 nat?

I don't get it, probably it's because your nating.

Alright, thank you guys!

It'll Pass all the traffic to alive gateway in case of any one wan fail-over!

only way for that to show up like that is if it's destined to the MAC of the firewall, or broadcast. The latter is highly unlikely. Seems likely the 192.168.10.111 device has a wrong subnet mask on it so it's trying to send that traffic via the firewall, not recognizing 192.168.8 as local.

@edwin1188: buenos días, también presentamos el mismo problema y no sabemos como resolver o si hay que configurar algo adicional. Buonos dias, tenta aqui: http://forum.pfsense.org/index.php/topic,49702.msg265524.html#msg265524

We have looked into that before but had issues with it. We may revisit it again once we're on FreeBSD 10.

Nothing obvious there - except I need to update my own ESXi  ::) Is the LOM the only NIC?  It's a bit unusual using that with anything but management. Do you happen to have both tagged and untagged VLANs on the same interface. Good luck with the Netgear site.  I've been there before.  Had to try three different browsers before I got one that worked.

Hey ImageJPEG Like gderf said, you cannot have two gateways with the same IP. Instead what you want to do is assign unique gateways, even if you want them as seperate LANS, you can do this later by simply assigning a firewall rule to block any outgoing and incoming connections with the two. Just a questions, are you using internal IPs are examples or are you trying to setup LANs? If you are trying to setup LANs you can use LAN1 - 192.168.1.1 LAN2 - 192.168.2.1 As far as WANs you can use whatever information your ISP gave you, usually in your CIDR. Gerardo

Hi skygizmo What are you trying to accomplish? If it is redundancy, having to Comcast connections probably wont give you what you are looking for. If it is bandwidth + ip block, i would look at the business plans tiers (pricing and such) and see if it cost effective instead of two different packages. If you then are trying split a home network and business network, that can be accomplished with pfsense and a managed switch.

as would be ideal? I have to use vswitch? NAT interface is an alternative? NIC1 - NAT mode - em0 - NIC2 - bridged mode - em1 - IP Static NIC3 - NAT mode - OPT1 - or NIC1 - NAT mode - em0 - NIC2 - bridged mode - em1 - IP Static

Update: Since my last post we have moved to our new location. There are quite a few things that I have learned in the past weeks concerning multi wan, PPPoE and PPPoA, ML-PPP and DSL in general. With Podliarius' information/translation I was able to convince my provider that the setup as proposed would work. Unfortunately, we ran into quite a few snags along the way. We purchased two TD8816 modems, but these we unable to provide the required bridging. RFC1483 is not the same as PPPoA -> PPPoE media conversion. PPPoE only works if the ISP actually has the protocol running somewhere. In the case of our ISP as I understand it, everything is pure ATM until past the DSLAM. Instead, we needed modems that were able to masquerade as PPPoA client in a transparant fashion, while providing a PPPoE server on the router's side. Searching this forum, I came across a post by Stephenw10 referring to a specific modem capable of PPPoA -> PPPoE translation. We purchased two of these modems and pfsense was able to connect to our ISP through them. However, ML-PPP does not seem to be active. We contacted our ISP and they insist that they have explicitly enabled ML-PPP on their end. In the PPP log, I see a lot of chatter, but I am unable to determine if pfSense is even attempting to connect with ML-PPP. ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM c29a637b ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #175 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM c29a637b ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #174 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM c29a637b ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #173 ppp: [wan_link1] LCP: state change Starting --> Req-Sent ppp: [wan_link1] LCP: Up event ppp: [wan_link1] Link: UP event ppp: [wan_link1] PPPoE: connection successful ppp: PPPoE: rec'd ACNAME "Vigor2000 PPPoE" ppp: [wan_link1] PPPoE: Connecting to '' ppp: [wan_link1] Link: reconnection attempt 1630 ppp: [wan_link1] Link: reconnection attempt 1630 in 2 seconds ppp: [wan_link1] LCP: LayerStart ppp: [wan_link1] LCP: state change Stopped --> Starting ppp: [wan_link1] LCP: Down event ppp: [wan_link1] Link: DOWN event ppp: [wan_link1] PPPoE: connection closed ppp: [wan_link1] LCP: LayerFinish ppp: [wan_link1] LCP: state change Req-Sent --> Stopped ppp: [wan_link1] LCP: parameter negotiation failed ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #172 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #171 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #170 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #169 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #168 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #167 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #166 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #165 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #164 ppp: [wan_link1] ENDPOINTDISC [802.1] 00 e0 2b 89 f2 28 ppp: [wan_link1] MP SHORTSEQ ppp: [wan_link1] MP MRRU 2048 ppp: [wan_link1] MAGICNUM 3be9b6e4 ppp: [wan_link1] MRU 1492 ppp: [wan_link1] PROTOCOMP ppp: [wan_link1] LCP: SendConfigReq #163 ppp: [wan_link1] LCP: state change Starting --> Req-Sent ppp: [wan_link1] LCP: Up event ppp: [wan_link1] Link: UP event ppp: [wan_link1] PPPoE: connection successful ppp: PPPoE: rec'd ACNAME "Vigor2000 PPPoE" ppp: [wan_link1] PPPoE: Connecting to '' ppp: [wan_link1] Link: reconnection attempt 1629 ppp: [wan_link1] Link: reconnection attempt 1629 in 4 seconds ppp: [wan_link1] LCP: LayerStart ppp: [wan_link1] LCP: state change Stopped --> Starting Regardless of ML-PPP, both DSL connections work and I can choose which IP I want to use on WAN by using the login data for either DSL connection. So, we are three quarters of the way there. Can someone help me figure out if there is something wrong on my end or if there is something my ISP needs to set up?

NP. Just starting with the basics. I would ditch the 1:1 rule for now. That is not doing what you think it is. The AON (automatic outbound NAT) is mapping it to only 1 IP address, the WAN address. Looks like you will need to port forward anything else internally.

I meant 443 is going out through failover gateway group by policy routing rule.

This is possible with 1:1 NATing. I have a /29 range of IP addresses but they're static.  If you're going to get the same range of 5 public IP addresses from your ISP you should be fine.  If not there's no practical way to re-map a new address range to the routes you've already established.