Edit first post subject with [SOLVED], if you don't encounter any further problems with this setup

Probably per session, though I don't know the internals of the multi-WAN support well enough to be certain.

What kind of use case do you have that requires multiple GIF interfaces on a subnet like that?

I wouldn't exactly call that something that is "often" needed.

Hi wirklich,

simply define a firewall rule in LAN tab where you set:

Proto: *
Source: single host or alias
Destination: *
Gateway: your Gateway

This should work.

Regards,

brick1

As far as I know you can close the topic on your own.
Please put an [SOLVED] in front of your topic of the first post so that everybody knows that you found a solution.

@ermal:

It can be done.
You just have to learn how to do it ;)

So sorry to say but RTFM

I think I may be having the same problem, but to know for sure that I didn't do what the manual specified, would you mind specifying what manual you read that made it so clear?

If not, can anyone else provide better information than, "sorry to say but RTFM"?

@abcvidu:

So if I checked "No Proxy" with PC Default GW= Firewall IP, is there any way to access internet?

If you browse the web with port 80 (http) the squid automatically redirects this packets and so the traffic is going through squid. This is why you call it "transparent". You do not need any additional setting on your clients and the clients in general do not (need) to know that there is a TRANSPARENT proxy anywhere in the network.

You only need to edit the proxy address in the browser if you squid in NOT usinge transparent mode.

Assign the gif interface and you can bridge it :)

80K/sec is extreme load. I would suggest you go for more CPU and RAM. Load balancing can take up CPU process, and when you say 80K/sec that means switching 40K times in a second. I doubt if the i3 will be able to take that load. i5 with 8GB+ would be a better choice in my opinion. Add a 1x8GB stick first, if required you can add in additional RAM to the second slot.. depending on what kind of mobo u will be using.

I think I may have figured it out.

I won't be able to test until tomorrow morning, before the rest of the employees get in. I don't test config changes during business hours.

If it's what I think it is, I will be embarrassed  :-[.

Remove those destination addresses and replace those with any

FTP TO GO OUT VIA DIFFERENT GATEWAY MANUAL(modest version)

Make sure you have the another up and running ok Make sure you have aliases for ftp server ip-address and needable ports Check in what subnet(interface) that server is Goto that interfaces rules tab and create new rule
4.1) Pass RIGHT_SUBNET TCP FTP-SERVER-IP_ALIAS * * FTP_SERVER_PORTS
4.2) goto "advanced features:Gateway" and select your desired gateway

@mrkrad:

you will get 5mb/s with uTorrent or anything that uses a download accelerator to CDN's that are on multiple C class segments (common).

You will only get 5MBit/s if you are downloading a file which allows MULTIPLE connections. utorrent or torrent in general allows this. But this will not work with every download!

If you are much willing to pay, you can post this in the bounty section.

I cannot answer all your questions since I am just a newbie with pfsense.

question: Anyone got a sample list of configuration to make this work?
Yes. Multiwan is much easier now. Just go to your firewall LAN rules and assign what ports your apps are using to the specific gateway that they will use.

Question: Sticky connections yes or no?
There is an option in System>Advance>Miscellaneous. Just check it there

Question: Any way to get more robust interface up/down - i've found aggressive settings result in too much interface flapping.
You can try the high-latency or conservative.System>Advance>Firewall/NAT

If you want to use failover, just create a group gateway in different tiers.

what if you continue the download (aka ftp restart)?

cheap vpn?

Check out snort - we got a free tippingpoint low end IPS and it has this feature - it can detect 10/100/500/1000mb file transfers and you can take actions - like block, throttle - i guess if you can master snort you could add a filter to do this? no idea personally but possible definitelyl

on pfsense1

lan rule
allow tcp/udp lan_subnet_or_wanted_client * these_web_sites_Alias these_ports_alias + advanced settings gateway1

Hope that was clear enough

EDIT: Ofcourse this rule is above default rules

Hi,
Please keep all discussion on the forum rather than PMs.  ;)

@PM:

We are facing an issue with Pfsense. when we setup Load balancing the Secure connection( Mainly HTTPS sites) is not working . It does not allow two public IP’s in same session, So it is being rejected.
As per pfsense documentation available in net we tried to use “Sticky Connection” and also  tried to setup LAN rule for HTTPS but the issue is still not resolved.
We are using Pfsense 1.2.2 version.
We are  using  same IP for two different HTTPS  mail server.Actully the two mail server hosted into single Machine. Please let me know how  can I resolve the issue?

Why are you running such an old version of pfSense?
Your message is a bit confusing. Are you using inbound or outbound load balancing?

Steve

I got my answer from another post…

"VLAN to VLAN traffic is handled entirely within the smart/managed switch and doesn't get to the router"

@Nachtfalke:

I am thinking of a small home router like a small d-link, netgear, zyxel, fritz!box, speedport

Just something really small, quiet, less power consumption.
http://www.reichelt.de/?ARTICLE=37669;PROVID=2028;&utm_source=Preisvergleich&utm_medium=CPC&utm_campaign=google_feed

Didn't you get any Modem, Router from you ISP ?

Yes but my cable modems doesn't have advanced firmware. It's like a usb modem. (does not have router function)
Do not have NAT-Firewall anything.

Thanks.

Only way this would work is to bond connections…  Since your using two transport methods Im not sure how well that would work...  Your ISP would have to support it...