Hi JoelC707, I was a little confuse, but someone in the IRC already shake my head and looks like we got the solution. Yes is a single WAN with multiple IP's available.

This frind request to the IPS to add some maps into the ISP dns why, he say to save "management", well we are going to work only with a single public IP and start the setup.

Looks like I just need a small switch to connect the cisco router+pfsense wan card there and the pfsense-lan card to the lan switch.

I think this week will be the deployment because their ISA server is down, the HD crash during the morning, he start using pfsense but not in full operation, just the firewall, I'm waiting the call to make the full deployment.

I will let u know guys, thanks  :)

That worked beautifully, thank you.

afaik it is not easily done in 1.2.3 …. i don't believe it is possible using the gui

i'd suggest running 2.0 as it's nearing completion

Sorry, didnt see the 2.0 reference in your code sample. Several features are implemented differently in 2.0 from 1.2.3, this is one of them.

Is your modem in bridge or routing mode?
if in bridging you can't access it, if in router mode you can access it.
Here might be some more info: http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall#For_2.0

@jimp:

No, it's done on a per-connection basis and there is no relationship between them in terms of bandwidth used.

The only way that could likely happen would be if you enabled the traffic shaper and set that bandwidth on each WAN.

Ok thanks jimp. I have my Traffic Shaper off, so I guess it's just a coincidence that my WAN's are averaging at 4Mbps. I guess I still have some little more headroom.

Testing a load balancer with a web browser is really hit and miss, with persistent TCP connections and caching. Always use wget or similar for load balancer testing.

My apologies for the late reply  :( I didn't mean to ignore you guys. Thanks for your input, it turns out the switch was bad that the interface was plugging into, so once we replaced it everything worked perfectly! thanks for all your help.

You need to setup split DNS so that your internal interfaces resolve the hostname to the private IP, not the public IP.

NAT reflection may help, but it is not going to fix everything (especially not ping).

http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

A downed WAN will always come back on its own. May be issues in 1.2.2 with that, though I don't recall any offhand, shouldn't be running 1.2.2 anymore. Upgrade to 1.2.3 at a minimum if not 2.0-RC3.

@u571kills:

Will PfSense by default return packets from the WAN interface that they originated?

Yes. No other means of routing will work (in most multi-WAN scenarios) as you can't send one ISP's IP out a different ISP. There is one possibility for doing that by wrongly using policy routing rules on WAN2 specifying WAN1's gateway, that would break things in that kind of setup and force traffic in WAN2 out WAN1.

Is it actually two WANs, or one WAN with two IPs?

Check here:

http://doc.pfsense.org/index.php/Main_Page

http://doc.pfsense.org/index.php/What_is_policy_routing%3F

http://doc.pfsense.org/index.php/Category:Howto

sure here it is…both opt1 and wan

opt1.jpg_thumb
wan.jpg
opt1.jpg
wan.jpg_thumb

The log messages you posted suggest that vr0 and vr2 are sharing the same physical network somehow - you might want to double check your switch configuration.

How about next test:
Manual outbound nat rule with following settings:
Do not nat: choose
Interface: opt1
Protocol: what ever traffic you want
Source: LAN subnet
Destination: choose network and you can specify mask bit to 32(applies only one machine)
Description: best solution so far

hint.png
hint.png_thumb