• NAT Reflection/Loopback?

    Locked
    4
    0 Votes
    4 Posts
    5k Views

    You are not alone…

  • WAN Failover,CARP and outbound NAT

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 1 wan 1 lan multiple opt interfaces same subnet

    Locked
    8
    0 Votes
    8 Posts
    4k Views

    Reason to do this is to not need to rely on a switch, which would be an extra piece of hardware. My example is a small branch office. I have 2 computers and a printer. On a Linksys/Netgear, I would have a 4 port switch built into the router. Basically I want a single piece of hardware able to handle routing and "switching" for 2 computers and a printer.

    I could also say I have a wireless adapter that I want on the same subnet as well. I need it on the same subnet so a laptop can wirelessly access shares on 1 computer and the printer.

  • Simple Networking Query

    Locked
    3
    0 Votes
    3 Posts
    1k Views

    Cheers, I had a feeling this was the problem, I applied the rules accordingly, as there were none in place. This helped. Thanks. 8)

    I have another question. If I wanted to DMZ my router and point that towards my pfSense box IP, I take it I would have to set up the WAN interface to have a static IP?

    The issue I am having is that I have tried to do this, but for some reason only DHCP mode on the WAN interface seems to allow me to connect to the internet.

    If I set the WAN interface to have a static IP (192.168.1.50 - which is on the sub-net of the router), for instance, my LAN and OPT1 cannot ping outside addresses. Perhaps again I'm forgetting something. ???

    Please give me some pointers.

    Regards.

  • Unable to add opt1 gateway - solved

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • LAN to WAN Routing (1:1 NAT)

    Locked
    6
    0 Votes
    6 Posts
    2k Views

    What do you have entered for "External subnet IP"?

  • 0 Votes
    4 Posts
    2k Views
    jimp

    For policy route negation you add a rule without the gateway defined, that way it respects the system's routing table.

    If you have a rule with a gateway set, the traffic will go through that gateway, ignoring any other routes. (Just doing what it's been told)

  • Trying to have two subnets

    Locked
    16
    0 Votes
    16 Posts
    3k Views

    Thank you for taking the time to help me out with this. It seems that I need to do some reading because I don't know where to change the switch config in the GUI. I do have access to the GUI from WAN though. I will look into that further and try to educate myself more before I ask any further questions.

    Thank you again for everything so far

  • Creating LAGG Interface ppp0 missing

    Locked
    3
    0 Votes
    3 Posts
    1k Views

    lagg is strictly for Ethernet interfaces, it cannot be used with anything else.

  • Port Forwarding (NAT/PAT) with Multi WAN = Multiple NAT rules?

    Locked
    4
    0 Votes
    4 Posts
    3k Views

    I get the idea.
    It's always a choice between fine tuning precision (providing some security) and ease of administration ;)
    I'll stick with security then.

  • Is transparent gateway possible?

    Locked
    8
    0 Votes
    8 Posts
    4k Views

    Hi,

    I have three interfaces. WAN holds a public IP and hosts production VPN tunnels for servers on the LAN. I also have an unused OPT interface.

    Is it possible to bridge the OPT interface to the WAN interface without losing the existing functionality on the WAN interface and the VPN tunnels?  When I tried this last my whole datacenter went down due to (I believe) switching issues.  Would it be better if I had another public-facing interface on the pfSense router to bridge to, or another router?

    Thanks,

    Todd

  • 0 Votes
    2 Posts
    2k Views

    You need proper routing on rtr2 to get that network back into the internal network, and you're probably going to introduce other complications on that same router because of the asymmetric routing. That's an ugly design in general. Can you move all your clients behind pfSense? That will eliminate a number of complications with routing and filtering of asymmetrically routed traffic that you're going to have with that setup.

  • Multiple static ips and only main ip is accessible

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    marcelloc

    @jjone:

    Maybe it's my Windows server problem.

    Consider applying these IPs on the firewall and using a reverse proxy.

    With a reverse proxy, as well as on IIS, you can use the host header to define the website instead of using multiple IPs.

  • When one gateway is offline, I cannot ping lan of pfsense

    Locked
    5
    0 Votes
    5 Posts
    3k Views

    @hsoldo:

    Hi

    First of all, I cannot set up pfSense to do load balancing or failover. I did everything as written in the tutorial, but somehow speedtest doesn't show improvement, and neither do torrents.
    If I unplug WAN or OPT1 I lose the connection to pfSense. In any case it is behaving weirdly.
    If someone could just point me to a good tutorial to set up pfSense to do load balancing and failover:
    These are my specs:
    WAN connects to an ADSL modem which is in routing mode and has LAN 192.168.0.100. (I set my WAN to 192.168.0.99, and set the gateway to 192.168.0.100)
    OPT1 connects to a wireless incoming router which has LAN 192.168.0.98 (my OPT1 is 192.168.0.97, and gateway 192.168.0.98)

    pfSense LAN is 192.168.0.96

    I set three gateway groups (192.168.0.100 and 192.168.0.99 tier 2 ; 192.168.0.100 tier1, 192.168.0.99 tier2 ; 192.168.0.99 tier1 , 192.168.0.100 tier2)
    and in the firewall under LAN set three rules; for each one I went under advanced and set the gateway to one of these gateway groups.
    Also, for all gateways I set the monitors to the DNS servers of the ADSL and wireless router ISP providers.

    Can someone tell me what I do wrong?

    After you have resolved the problem of having the same subnet three times, as the previous posters said, do the following:

    Delete all your groups.
    Create a new group, put in the WAN gateways and choose Tier 1 for them.
    Add this as the gateway in "Firewall -> Rules".

    Hint:
    Gateways on the same tier will do load balancing when they are up. If one is down there is automatically a failover to the other gateway. If the broken GW comes up again there will be load balancing again. If all GWs in a group with the same tier fail, THEN it fails over to the GW with the next higher tier.

    After this, reset all your states under "Diagnostics -> States" and then try with this URL:
    http://www.pfsense.org/ip.php

    Refresh the page many times in quick succession and the IP should change. Then load balancing is working.

  • 0 Votes
    8 Posts
    3k Views

    Thanks for the replies!

    I've managed to get it to work just with pfSense limiters instead of tomato. So, I've disabled DHCP server on tomato and made a wireless AP again.
    Also, I decided to make a video tutorial on how I did it.
    https://www.youtube.com/watch?v=WhlBhMSG2t8
    It's my first video tutorial so comments & suggestions are welcome.

  • Static routing lost after reboot

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    Thank you!

  • Doesn't accept monitor

    Locked
    2
    0 Votes
    2 Posts
    888 Views
    jimp

    Not nearly enough detail there.

    What version of pfSense? What kind of gateway (dynamic or static)?

    Screenshots of the gateway settings would also help.

  • Can't get load balancing to work.

    Locked
    9
    0 Votes
    9 Posts
    3k Views

    Okay so I realized how easy it was.

    Reverted back to version 1.3 since I started to remember things previously and had it configured within 3 minutes with approximately 5 clicks.

    I am now reaching speeds of 29 Mbit/sec on speedtest, and on RapidShare it is peaking higher than that.

    Thanks for your help and patience!

    zsr

  • Newb Default Gateway Query

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    It depends - do you have one subnet or two? The most common datacenter deployment where you don't want to NAT is to get one subnet between you and the provider (a /30 or /29, the latter is required if you're doing CARP), and have a second subnet, of whatever size you need for the number of hosts you have, routed to your interconnect subnet with the provider. Then the second subnet can be set up on an internal NIC of the firewall and you have proper routing. If you only have a single subnet, you either have to NAT, or bridge.

  • MOVED: Monitor IP address client traffic

    Locked
    1
    0 Votes
    1 Posts
    812 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.