I had an appointment and sat down with the technical department of my ISP today. Tech noticed the setting "ppp multilink fragment disable" was set on their end and not on my router… So question would be whether or not this should be set or not...  But since it was easier to have them turn it off I asked them to. Now my mlppp connection is behaving correctly.    ;D :)    ( Insert partying smiley here. ) So question to the dev's...    Could this setting be included on the advanced section of the ppp's page for others that may be having issues to try??

Hi JoelC707, I was a little confuse, but someone in the IRC already shake my head and looks like we got the solution. Yes is a single WAN with multiple IP's available. This frind request to the IPS to add some maps into the ISP dns why, he say to save "management", well we are going to work only with a single public IP and start the setup. Looks like I just need a small switch to connect the cisco router+pfsense wan card there and the pfsense-lan card to the lan switch. I think this week will be the deployment because their ISA server is down, the HD crash during the morning, he start using pfsense but not in full operation, just the firewall, I'm waiting the call to make the full deployment. I will let u know guys, thanks  :)

That worked beautifully, thank you.

afaik it is not easily done in 1.2.3 …. i don't believe it is possible using the gui i'd suggest running 2.0 as it's nearing completion

Sorry, didnt see the 2.0 reference in your code sample. Several features are implemented differently in 2.0 from 1.2.3, this is one of them.

Is your modem in bridge or routing mode? if in bridging you can't access it, if in router mode you can access it. Here might be some more info: http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall#For_2.0

@jimp: No, it's done on a per-connection basis and there is no relationship between them in terms of bandwidth used. The only way that could likely happen would be if you enabled the traffic shaper and set that bandwidth on each WAN. Ok thanks jimp. I have my Traffic Shaper off, so I guess it's just a coincidence that my WAN's are averaging at 4Mbps. I guess I still have some little more headroom.

Testing a load balancer with a web browser is really hit and miss, with persistent TCP connections and caching. Always use wget or similar for load balancer testing.

My apologies for the late reply  :( I didn't mean to ignore you guys. Thanks for your input, it turns out the switch was bad that the interface was plugging into, so once we replaced it everything worked perfectly! thanks for all your help.

You need to setup split DNS so that your internal interfaces resolve the hostname to the private IP, not the public IP. NAT reflection may help, but it is not going to fix everything (especially not ping). http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

A downed WAN will always come back on its own. May be issues in 1.2.2 with that, though I don't recall any offhand, shouldn't be running 1.2.2 anymore. Upgrade to 1.2.3 at a minimum if not 2.0-RC3.

@u571kills: Will PfSense by default return packets from the WAN interface that they originated? Yes. No other means of routing will work (in most multi-WAN scenarios) as you can't send one ISP's IP out a different ISP. There is one possibility for doing that by wrongly using policy routing rules on WAN2 specifying WAN1's gateway, that would break things in that kind of setup and force traffic in WAN2 out WAN1.

Is it actually two WANs, or one WAN with two IPs?

Check here: http://doc.pfsense.org/index.php/Main_Page http://doc.pfsense.org/index.php/What_is_policy_routing%3F http://doc.pfsense.org/index.php/Category:Howto

sure here it is…both opt1 and wan [image: opt1.jpg_thumb] [image: wan.jpg] [image: opt1.jpg] [image: wan.jpg_thumb]