I would think you would use more resources in a bridge.

Thanks for the reply. Its a bit hard to explain but I would have to change a lot of the network infrastructure to get it on the WAN side. Is it possible to run a virtual WAN that points to an IP address on the lan side?

The newer version of PF is a bit stricter on asymmetrically routed traffic, the "bypass firewall for traffic on same interface" works around that though. Aside from that, there isn't any difference in that scenario. There isn't anything you used to be able to do that you can't do now. What protocol does this problematic application use? Does everything else work (primarily TCP traffic, pings and UDP aside)? What does a packet capture look like?

Does any of your firewall rules have a blue "A" on the left hand side? This indicates advanced options. It could be you have advanced options to limit number of states or how fast they are opening. I am guessing though. By bypassing the firewall on the same interface will remove that problem. Glad it is working for you.

@jimp: No, IIRC they use some form of LACP over OpenVPN TAPs Probably using the Linux Bonding driver http://www.kernel.org/doc/Documentation/networking/bonding.txt I've done such a setup in the past on Linux and it worked pretty well.

Hi, The problem is not with advertisements of the LAN networks but the openvpn roadwarrior's network. The roadwarrior's ip subnet is 10.0.1.0/24. Check the attachment [image: quagga.png] [image: quagga.png_thumb]

Configure the proxy server ip & port in ur local  pc's browser

Update: This appears to not be an issue at all with pfSense. You can use Quagga OSPF and bridge on the same NICs. The issue I am having is due to my Cisco 3750 STP putting the ports into block. Thank for all your help and everyone who view and pondered my issue. Fred

Okay found the problem… and solved it. I have forgotten to tell, that I am routing any Traffic to the WAN by passing it on the VLAN 100, so I had to allow in VLAN 100 (LAN) Rules any requests coming from those other subnets! Thanks a lot.

i may be wrong but you should be able to just use your LAN port without bridging. i have two wireless routers configured in my network. i simply don't plug in the WAN port and just use the LAN ports essentially as a switch. in your case turn off bridging, plug ethernet into LAN (i.e. Port 1) with IP 192.168.77.10; have that connect to your pfsense box (IP 192.167.77.1) and see if that works. i checked the documenation of your router and it looks no different than your typical routers except for the ADSL port acting as the WAN. i agree that the VPN scenario probably won't work, or is too complex a solution for what you want to accomplish.

Got it working now.  I had it to nonly allow tcp!  im now allowing all :-D  silly slip!  thankyou to everyone that has helped greatly appreciated :-D

You shouldn't need any NAT between VPN<>LAN, just some allow rules (everything is blocked by default on the VPN interface).

@twistedstorm: I tried running a cable from one port on the 4port isp provided modem SMC D3GN2 modem to an additional network card on the pfsense box believing that an ip would be assigned dynamically by the ISP but I couldn,t get that to work That won't work, because you would end up with the same subnet on 2 interfaces. But if they're dynamic, why would you need all 3 of them anyway?

PPTP is not meant for site-to-site connections. Getting back to the "client" LAN would require a route back to the PPTP client's IP, but there is no way to achieve such a route in pfSense. It probably works the other direction because the other router is doing NAT on the traffic so it all appears to come from the PPTP client IP. IPsec and OpenVPN should be used for site-to-site VPNs, many "simple" routers can use OpenVPN with the right Tomato/*WRT image.

Check the docs: http://doc.pfsense.org/index.php/Main_Page http://doc.pfsense.org/index.php/Multi-WAN_2.0

First, most "install" programs send out a broadcast to find the printers. Broadcast packets do not cross a firewall or router. Second, unless it is a typo, your VLAN1 rule needs to be reversed, as in: any VLAN1 net/any -> VLAN4 net/any allow. I would almost do an any to any until it works for you. The Gateway on each LAN and VLAN should be none unless you are using policy routing (used mostly in multiwan setups).

I've re install everything, then first I define the Gateway and Route to internal subnets (Servers behind a different LAN Router), and works perfect with 1 LAN and 2 WAN (no special rules), but as soon as I modify the LAN Rule changing gateway to Multiwan it stops working. Then I add two rules, over default lan Rule to/from servers Subnet, and is working again. Later I will try enabling squid.  

@joeyb: i dont believe the modem is a router as the cable company gave me a netgear wireless router to use , i would like to replace the netgear with pfsense.      when you say subnet do you mean the 255.255.255.0? this appears on the wan nic(dhcp) and on the lan nic(static)although the ip address on the wan(79.82.xxx.xx) is way different from the lan(192.168.1.1-pfsense, 192.168.1.51-pc)   what do i change the lan nic to ? and what is my lan ip range ?   thanks   joey I just reread your post and Im not sure where I got that idea…  ::)    Im gonna go check my glasses now.  ??? Remember when changing devices directly up against a cable modem to reboot the cable modem.  That gets allot of people...