• Total Newbie, need help with setting up a 2nd network behind Pfsense

    Locked · 9 posts · 5k views
    @podilarius: That is doable and simple. You already have the allow rule for LAN that will encompass all networks. In the NAT, switch over to manual and create an outbound NAT for 192.168.0/24 by cloning the 2 rules for 10.0.0/24. Head over to Setup -> Routing. Create a new gateway that is 10.0.0.100. In the routing tab, create a new route that says that if you are going to go to 192.168.0/24, you are going to get redirected to your new gateway at 10.0.0.100. You then just need to set up your router like you did before. You can delete that extra rule if you like; it is redundant since the rule below it will also allow it.
    Thank you for all your help. Got it all working at last! Appreciate it so much!
  • Can't ping WAN address

    Locked · 2 posts · 2k views
    Sussed it - just needed to add a firewall rule to allow any. Lovely bit of kit, this firewall :) Best Dude
  • 2 DSL: Redirecting traffic

    Locked · 10 posts · 3k views
    I noticed that if I connect to pfSense through Squid on another machine, it switches connections (WAN1/WAN2) as if it is load balancing. But if I connect directly using pfSense, it only uses one connection, which is how it should be.
  • Multi wan not working - would only work for default connection

    Locked · 6 posts · 2k views
    I just checked it and it works fine: https://docs.google.com/viewer?a=v&q=cache:WbFTrT_Jk6oJ:securite-ti.com/pfSense_Web_Proxy_with_multi-WAN_links.pdf+&hl=en&gl=in&pid=bl&srcid=ADGEESh1IlWSlZPVVW2TD6EPj5jIhPUZVJp4Ly7iL3IgiLvKt2esmixX2gPH6WgB_1ffZU7DLdWI5dapHFMYCh4mXn_uJc3rebgINeIPBVQLdb0rbxMn-5Xz5Fkm6vfz1VJLcXVWNzNb&sig=AHIEtbTAd1LlfjKZxvcK3XXMMP3KVPUUGQ
  • Failover Failed

    Locked · 7 posts · 3k views
    Thanks. It works properly… without the Squid.
  • Incorrect outbound policy based routing

    Locked · 5 posts · 2k views
    The problem here is that the return traffic has no way to know it's supposed to go back over the VPN in this case. So it tries to leave out of the internet connection, and either gets blocked for lack of a state, or gets blocked at the client because the IPs don't match up. The "client" for the inbound traffic is not known as one that needs to be routed across the VPN. Normally, multi-wan sorts this out by using reply-to on the firewall rules on the interface, however we don't add that for VPNs. It may be possible to do that in some cases where the OpenVPN interfaces have been assigned. We have talked about adding a manual reply-to field populated with gateways to choose from, but that hasn't materialized yet.
  • Can't change default WAN interface?

    Locked · 3 posts · 4k views
    Done by editing the XML. BTW, I think that WAN/LAN shouldn't be special cases. These should be regular interfaces which can be edited or deleted, without forcing WAN as the default gateway, etc.
  • Design advice multi-wan

    Locked · 1 post · 1k views
    No one has replied
  • VPN multiwan and NAT

    Locked · 3 posts · 1k views
    I'm not sure, but I have a feeling it's using NAT behind an ISP router, since ip-check.info gives me another address such as 58.83.. while another (China-based) IP checker returns 221.179.. It seems to me they have NAT going on… also my IP returns nothing from a whois query... strange... and they don't let me ping anything but their nameserver out of the fast WAN... quite restrictive as you see, and yes, I'm based in China hehe. In fact, here is an IP address that I have been dynamically assigned on the fast WAN: 172.32.16.200
  • GRE and IPSec

    Locked · 2 posts · 1k views
    Someone provided a diff, but IIRC it still has some rough edges. Check https://github.com/bsdperimeter/pfsense/pull/118
  • Multi-LAN problem

    Locked · 4 posts · 2k views
    You probably need a route on both sides.
  • Dual / Multi-WAN, possible to get best of both worlds?

    Locked · 2 posts · 1k views
    pfSense can do policy-based routing to different gateways. So you need to tell pfSense where to route which (destination/source) IP or port. So let's assume this: any http and https traffic should be routed through your optical connection. Then you need to create a firewall rule which has port 80 and 443 as destination and the optical connection as gateway. Other traffic which is using other ports should use the other gateway. The same can be done with IP addresses. You will get problems if you have an http download - because, as you said, this should be done with the cable connection, but in general you want that for port 80 it should be on the optical interface. It could be another possibility if you have one "gaming computer" and you route all its traffic through one gateway and all traffic from your laptop through another gateway. Hope this will help you in any way. :)
  • Sticky connections

    Locked · 4 posts · 2k views
    Hmm… if something isn't working and the users need this, then my phone will ring all the time. The other way, the users will never call me and tell me "hey, all is working" ;)
  • Using online IP checker to test Multi-WAN?

    Locked · 5 posts · 3k views
    Yesterday I set up my Multi-WAN load balancer, and when I'm using http://whatismyipaddress.com/ in Firefox, hitting Ctrl+F5 works instantly, toggling between my two IPs.
  • Policy routing packets loss

    Locked · 2 posts · 2k views
    Looks like I've managed to fix it by myself. The answer is to check "Any flags" for "TCP flags" in the LAN firewall rule which redirects traffic to the proxy server. So, now the rule looks like:
    pass in quick on re0_vlan1 route-to (re0_vlan1 172.26.1.50) inet proto tcp from 172.26.10.1 to ! <corporatenets> port = http flags any keep state label "USER_RULE: Transparent proxy forwarding"
    Hope this will help someone.
  • 2.0 Multi-WAN + squid (not transparent)

    Locked · 12 posts · 9k views
    @denvel: Hi all, I had managed to configure internet load balancing + Squid (not transparent) + SquidGuard using pfSense. But my problem is when I try to browse some websites it gets stuck or freezes; then when I refresh my web browser it will load the web pages. I think there is a problem with the floating rules, because when I disabled the floating rules I can browse the web normally. Has anybody experienced this kind of problem with floating rules??
    We also experience this. I think it would be advisable to run Squid on a different machine rather than running it inside the pfSense machine. Though I am not sure about the settings, since we are only new to using pfSense. Maybe there's another way to configure load balancing + failover + Squid to make it work properly.
  • How to route traffic for 1 Virtual IP to a specific virtual interface

    Locked · 10 posts · 6k views
    With a search you can find that your question is already answered. But do you also want to send different traffic from these servers via these public IPs? If only this NTP traffic is what you want:

    1. Add VIPs, as many as you have/need
    1.1 Go to: Firewall: Virtual IPs and press +. Then add these values:
        Type: IP Alias
        Interface: WAN
        IP Address: your additional public IP with a mask /32
        Description: whatever you want
    1.2 Apply changes after saving

    2. Add Aliases
    2.1 Go to: Firewall: Aliases and press +. Then add these values:
        Name: Server1 (or second round: Server2)
        Description: VLAN # NTP-Server (or whatever you like)
        Type: Host(s)
        IP: server internal IP
        Description: server name (or whatever you like)
        Now do it again for the other server, and after that:
        Name: PublicServer1 (or second round: PublicServer2)
        Description: whatever you like, but keep it descriptive
        Type: Host(s)
        IP: server outside IP
        Description: whatever you like
        So you end up with 4 host aliases: Server1, Server2, PublicServer1, PublicServer2
    2.2 Apply changes after saving

    3. Port Forwards
    3.1 Go to: Firewall: NAT and press +. Then add these values (notice: if you find a field that is not mentioned here, leave it untouched):
        Interface: WAN
        Protocol: UDP
        Destination: Type: you can either select your WAN/VIP or "Single Host or Alias"
        Address: if you chose "Single Host or Alias", then you can type PublicServer1 (or PublicServer2)
        Destination port range: from: NTP to: NTP
        Redirect target IP: Server1 (or Server2)
        Redirect target port: NTP
        Description: whatever you like
        Now save and do it again for the second server
    3.2 Apply after saving changes

    Before the 4th step you need to choose if you want any other traffic also flowing with this additional public IP, like all traffic from vlan2 going via p-ip1 and all traffic from vlan3 going via p-ip2.

    4. Manual Outbound NAT
    4.1 Go to: Firewall: NAT: Outbound
    4.2 Press Manual Outbound NAT and save
    4.3 Press + and after that add these values (notice: if you find a field not mentioned here, leave it as is):
        Interface: WAN
        Protocol: UDP (or if any traffic from this VLAN, then ANY)
        Source: Type: Network
        Address: either Server1/Server2 (or your VLAN subnet); the subnet mask is /32 for a server and probably /24 for a VLAN
        Translation: Address: again you can choose WAN/VIP or Host alias (then choose PublicServer1/2)
        Description: whatever you like
        Save. Repeat these for the other server
    4.4 Change the order of the mappings so that your server rules are above any other rules
    4.5 Save, apply changes

    5. Test that everything works
    5.1 Enjoy

    In case something doesn't work: read/search the forum before posting. The documentation might also help.
  • Notification of a failed monitor ping via mail/growl ?

    Locked · 6 posts · 3k views
    Yes, it only notifies when it goes down.
  • Multi WAN redundancy problem

    Locked · 9 posts · 3k views
    I think I have found the cause of the problem: the BT line has the option of changing the line profile, as it’s a more expensive Annex M connection; the C&W line does not have this. Originally I had been using interleaving on the BT line. But when I turned it off and switched between non-interleaving profiles, the C&W line stayed up. These two lines are run in the same cable, as I guess the engineer who installed them was being lazy or it's standard policy; either way, I think there is some crosstalk on the lines which was causing the problems. Either that or it's my dodgy Cat5e telephone extension cable! I should really test it locally but I can’t do that at the moment. Thanks for the help Nachtfalke, in this very odd case it's much appreciated! Wish they would hurry up and deploy fibre + VDSL!
  • Routing Setup

    Locked · 22 posts · 5k views
    Thanks, by altering that rule I am now able to ping everything and anything on the LAN side.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.