Do you have a gateway entered on the OPT1 config page? (Interfaces > OPT1). IIRC, only interfaces with gateways are put into that page.

You need to use a transparent bridge to allow public IPs on the LAN.

As far as Squid, I cannot help you there my friend but my guess is once you get the bridge working you should figure it out fairly easily.

WAN - Set IP, Subnet, Gateway
LAN - Set IP address to "None"
System Tunables -> pfil_member to 1 , pfil_bridge to 1
LAN Rules - Change LAN subnet on the ANY rule to ANY, so it should be ANY ANY (otherwise you will be locked out). Remember, when you set the IP to none on the LAN, there is no longer a LAN subnet. Now it's just a interface which is what you want.
Bridge the interfaces together

Configure Squid (cant help you on this one)

Hope this helps, otherwise I misunderstood your post. BTW, this issue haunted me for a week, very tricky to figure out on 2.0 and a lot of experimenting and testing.

Ok, semi-resolved

After I updated to a new snapshot, it started working again. For whatever reason, after I installed 2.0-RC1 and it was working right, then updated a snapshot, it stopped working and now I updated to a snapshot from today and it started working again.

I will monitor it for 24 hours and post the results then mark this topic resolved.

FYI, if you're using a transparent bridge make sure you have pfil_member set to 1, and pfil_bridge set to 1. Also make sure all of the rules are in place because it's very easy to lock yourself out of the pfSense box.

By default, the LAN rule will allow LAN subnet to any, however when you bridge to the WAN there is no longer any LAN subnet so it's very important to change LAN to any, so on the LAN rules you should have ANY ANY.

New information:

I can ping the WAN interface from the router but not the LAN interface even though all routes are in place.
Something on the firewall is blocking the traffic through to the LAN… even when IP filtering is turned off!!
Nothing shows in the logs either!

Ok, I will test and report.

Thanks

Dear Nachtfalke

Thank you very much for your help from began.

@bouncer:

2.0 RC2  ???

Configuration is for pfsense 2.0
In pfsense 1.2.3 there are no "Routing Groups" for LoadBalancing.

So you have 2 subnets in your LAN. The best practice to handle this is VLAN:

Create 2 VLANs on your switch

Create those 2 VLANs on your pfSense and the pfSense will be the default gateway for your 2 subnet

Configure rules as you wish on pfSense

That's it…

@cmb:

You only need virtual IPs where the firewall must answer on layer 2 on those IPs, that's not the case when bridging (and VIPs will break bridging environments as it will create an IP conflict).

Thank you Chris, enjoy your weekend!

You're doing NAT behind the second box? In that case it'll work the same as anything else, capture traffic on WAN on one of the affected camera's IPs and see if it leaves WAN, if it gets any reply from the camera.

When you do load balancing with speedtest.net you'll end up with weird results because it recently changed to use multiple TCP sessions, but only one TCP connection at a time. With the type of load balancing setup you have, parts of the test will use each WAN, so it's normal to end up with results that either match only one or the other, or in some instances, that match neither (as part of the download test can use one WAN and part of it the other). Sounds like you're also expecting a single TCP connection to use the sum of your bandwidth, which is impossible as it must be tied to only one WAN.

It just depends on what you want to do. If you want to just load balance, you only need the load balance entry. If you want failover only, just make that one. If you want to do a mix of all three, then do all three. It isn't required to make all three, the howto just does that since sometimes people want to do all three.

Ah: I forgot to ask my question:Does anyone see anything wrong with my configuration, or does anyone have any suggestions I might try?

Thanks!

–jason

Ping from the web utility only works through wan 1 AFAIK. Are you running a squid/transparent? I had the same exact problem and shutdown squid and everything worked with no issues.