Why is your WebFileServices on a different /29 network when the other IPs are on a /32 subnet? Also, if you're trying to access an internal device from your internal network using that device's external IP address, there's a good chance it's going to return the pfSense login page, or in your case the dashboard since you're already logged in.  You need to test it from a WAN connection that is not part of your pfSense installation.

This was the problem! DLink Router can't route LAN IP's from the WAN side, to the LAN side! How to solve? -> connect the LAN from pfsense to a LAN of the router! Don't use WAN side anymore and DEACTIVATE (!!) DHCP and UPnP on router! Thats it!

Hi, mrbnet! Sorry I was wrong. Despite the OSPF routes already there, you have to put 'iroute' statement with net behind client's gateway in 'Client specific overrides - Advanced' on the server side for each client. It seems to be double work, but this is how OpenVPN works in 'Peer to Peer ( SSL/TLS)' mode. I myself use OSPF for failover only and do not need to expose my home net to main office, so I do SNAT at home and 'Remote Access ( SSL/TLS + User Auth)' . Somehow it works without 'iroute' at the server side/

As set - 80 would be warning (not down) and 100 would be down

It would take some serious funding to speed up, but otherwise it'll be a couple years I'd say. We are looking into using kickstarter to fund larger features like that, but we're still working on the details.

Impossible to say without more info. The system log when the interface is plugged in might help. Also if you're on 2.0.x, you might give a 2.1 snapshot a try. It could also be a problem with the NIC, the cable, or the modem on that line.

I had temporary needed this, too… add an IP alias from new network for each firewall and the rest of IPs can be used again as CARP adresses within this network.

Ok, so I've done some "re-modeling" on my configuration and been able to set up the OpenVPN as WAN and the LAN as my physical interface making the physical interface into the gateway for the OpenVPN and it seems to work without any issues, now I'm just trying to setup a proxy from my LAN (physical) to WAN (OpenVPN) with login but can't really figure out squid. I think I need to use iptables to setup routing not sure how to work this with squid, still trying to solve this but any help would be great :)

I use it at my office and home (which is severely limited on bandwidth) and it works very well. If the WAN3 connection is that bad, change it out for a different DSL provider or something (maybe cable). Either way works.

I am running a similar setup with a dedicated server. You can save one of the IP addresses if you assign a private address (ex. 192.168.1.10) to the VMkernel - Management interface. It is also more secure, even if you can configure access list and lock-down the ESXi host I reckon this is a better approach. Setup pfSense WAN to X.X.X.91 and use Virtual IP's and NAT 1:1 for the rest. To manage the ESXi host I use a IPsec tunnel from a different DC but you could probably change the vSphere Client port (see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1021199) and then do some port-forwarding to 192.168.1.10? Hope this helps.

That is true, but, you can use manual outbound nat to remove the rules auto created for the one that does not need NAT. It would just route those connections since they are internet route-able. The other interface would NAT since there are rules to do so.

Your direct ISP connection should be configured as a separate WAN interface. It will automatically create an entry in System > Routing > Gateways. For your WiFi failover you need to configure your 2nd NIC connected to the access point as another LAN interface and set it to DHCP. This should add an additional gateway under System > Routing > Gateways. The create a gateway group with the LAN gateway in a lower tier for failover and set the group as the default gateway.

Not really. You can add the same IP to the pool multiple times to sort of get that effect. But you may be better off using a package like HAproxy that supports actual weight parameters.

Have same problem here. When I dissable Gateway Monitoring it works. I have tried a high down ping time, ms and packetloss but with same problem. I am running 2.0.3

Hi all. i am new to pfs. i am trying to block all ports and only allow the neccesary ports that i need on our network such as port 80,443, pop3, smtp etc. its about the rule under Firewall. how is the sequence work with the floating rules? is it reading from top to bottom or bottom to top? pls help. rikki

I can only guess, but I assume that traffic is not going to your WAN1 connection because of a misplaced or misconfigured firewall rule. So when you enable these other two rules (WiFi<->LAN) and (OpenVPN<->LAN) either or both of those rules come before (higher on the list) the (WAN<->LAN) rule. I'd need to see how your VLAN, and Firewall rules are set up.  How are you creating the bridges?

sounds like a combo of port forwarding and manual outbound NAT. Setup IP Alias,CARP, or ProxyARP VIP for each that you are going to use. Setup portforwards to forward the traffic into the correct server. Then test to make sure that works. Once that is working, then go to outbound NAT. Switch it to manual. At the top (since it works top down) add each server with any port as the source with destination any. Set the NAT Address to the corresponding VIP.