VLAN 101:  Switches, Firewalls Huh Network:  10.10.1.0 /24 Switch IP: 10.10.1.1 1. assume ur pfsense has wan ip x.x.x.b/zz and wan gateway is x.x.x.a/24 and lan ip is 10.10.1.10 2. connect lan into access port belongs to VLAN101 make sure it is not trunk port 3. create another gateway having ip 10.10.1.1 named LANGW 4. create static route of 10.10.2.0 /24 using gateway LANGW I.E FOR ALL OF YOUR VLAN 5. open firewall nat click Manual Outbound NAT rule generation and SAVE 6. after generating automatic rule add similar rule for all vlan networks hope u will get internet from lan let me know

Looks like it.

Yes it is sometimes hard to member ingress+top-to-down

Hi You resolved this problem? I have the same configuration and it doesnt work

THANKS FOR THE HELP I GOT IT WORKING!!!!

I'm still a bit confused. I took the network example from the 1.2 docs and adjusted it a bit. The red box is my small business server, it does smtp, remote web workplace and outlook web access. The blue box is what I would like to use the connection #1 which is the faster connection. I think I can figure out that much between the 1.2 and 2.0 docs. My question is, what goes in the green circle? Just a regular unmanaged switch and then I add another firewall before the dmz zone? The second image is what I was thinking originally. Would this setup work? I'm not even worried about failover or load balancing right now, I just need to get this DMZ sorted. [image: dmz.jpg] [image: dmz.jpg_thumb] [image: dmz1.jpg] [image: dmz1.jpg_thumb]

if you're having subnet of 192.168.1.1/24 then gateway must be inside of that area: 192.168.1.1 and 192.168.1.254 But if you mean, that you could use different wan gateway to internet, then yes

I already enabled it before.

If you have only one gateway, then it can be done by manual outbound nat(Firewall:NAT)

You're putting the cart before the horse buddy. Did you even figure out how to force bittorrent onto a specific WAN before tackling the schedule?

@Cino: Emarl would be the guru if its possible. Thinking a code change would be needed to allow a feature like this. Do you have access to all the clients running bit-torrent software? You could set static ports then create an alias to direct all that traffic thru the gw you want. Thats what I did for my network Well that's what I'm doing now. I basically put the before-last-rule to be that ALL traffic of the bittorrent machine (192.168.0.10) be NATed to the DSL connection. Above that rule, I put that port 80,80,443 (and a few other ports) from 192.168.0.10 be sent to the cable connection. So far it works ok, but the problem is with the trackers running on HTTP will be contacted by my cable connection. So getting incoming connections on my DSL for bittorrent is a bit slow, as the DHT and peer-sharing functions need to kick in for my DSL connection to be known to the other peers. but it works none the less and maybe I'll leave it like that since I don't want to take the chance that L7 layer filtering (if I'd get it to work) would fail one day and reship everything to the cable connection, costing me a pretty penny in overages.

You got it

I'm afraid that is not enough, which chip you use etc. Check your hardware and then check that list which url i already post. And when using virtuals, hardware is going to change a bit. cause of "virtual machine"

Dear Nicklas, I really look forward when your document is ready. Last night I am trying to upgrade from 1.2.3 rc 3 to 2.0 rc3 and ran in a lot of problems. I got the traffic in and out through the firewall but I can only access the Gui from the Lan side (it was a problem that I cannot access the firewall remotely). Also the firewall has DNS issues itself which cannot ping external or dns look up. But the servers behind the firewall can access SSH, WHOIS, DNS, FTP, WWW..pop…etc are all good. So, I am now restart the whole setup from scratch instead of upgrading it and import the configuration file. May I ask a question: On the Wan side rules, the "Lan net" is replaced to "any" ? is that how you did on yours?

Because I believe this problem doesn't really have a lot to do w/ PFsense, I created a blog post about this specific issue. I would still love for any others to share their experiences with OpenOSPF. http://ouliakk.blogspot.com/2011/08/using-openospfd-with-freebsd-78.html

Maybe you have 50/50 loadbalance, you should try weighted loadbalancing to get more upload speed

Thanks. I noticed that difference in both versions. I decided to play with my chances and quickly change WAN IP which helped. I think the buffer from the time that some action is done on pfSense to the time that it takes effect would help a lot in changes. Maybe a universal buffer time button or APPLY button would be a great feature.