Hi,

I am not to sure, how you have to set up fireall rules in 1.2.3 because, like you mentioned, I am using 2.0 RC-1.

But in the rule you have to set:
protocol: tcp/udp
source port: any
source address: any (or LAN Subnet)
destination port: HTTPSall
destination address: any
GATEWAY: WAN1 Failover OR WAN2 Failover

But I would add the IPsec (500), ESP (4500), OpenVPN (1194) and PPTP (1723) ports to your Alias httpsall, too. You could have a look at wikipedia and VPN and find out, which method is using which port and then add it to https.

Like your alias is looking at the moment, ther will be no difference for VPN connections than without an Alias.

There are plenty of tutorials and documentation on the forum and the doc wiki (check my sig).

Hi,
i've got the same issue but i'm afraid there is no solution for the moment….

Edit : The only way we find it's to kill process apinger and reload it with script.

Myke.

Without doing BGP and sharing the same IPs between both ISPs, what you want isn't really feasible.

Some people will put a really low TTL on their DNS and switch the DNS entries when a WAN goes down, but that isn't really reliable in most scenarios. Some clients/places will cache DNS longer than desired even with a low TTL, so you may still have downtime.

I'm using the Netopia DSL modems which have an "IP passthrough"  feature meaning the modem handles PPPoE or PPPoA and assigns the WAN (public) IP to pfSense. There's a small glitch with this, but in the big picture it's working great.

One issue I might suspect with your setup is you need to change your DSL modem subnet. Say the default is 192.168.1.254/24… you can't have both DSL modem connected to the same pfSense with the same subnet, so change one to e.g 192.168.2.254/24... even if you use the IP passthrough like I describe.

The motherboard has a Broadcom NetXtreme Gigabit Ethernet based NIC. So I'll use that for the LAN side.

The dc5700 has two PCI slots and one PCIe slot. I figured that it would be simpler to just pick up two inexpensive PCI based, single port NICs rather than purchase a substantially more expensive dual port PCIe card. That way I can purchase a third for a backup in case one goes down and I've still spent less than the dual port card.

I am looking at Intel desktop adapters rather than server adapters. Considering that these are going to go directly to the ethernet ports on the routers, I don't see any reason to go expensive. I won't be teaming, setting up any VLANs, etc.

Can pfSense make use of cryptographic accelerators like the ubsec driver found at http://www.freebsd.org/cgi/man.cgi?query=ubsec&sektion=4&manpath=FreeBSD+8.2-RELEASE? We do want to setup a number of VPNs.

I had tried creating NAT –> Port Forward:

Interface: LAN
Protocol: TCP
Destination: Single Host & <ip of="" my="" a="" server="" which="" require="" passing="" by="" proxy="">Destination Port: HTTP
Redirect target IP: <ip of="" my="" other="" proxy="" server="" in="" another="" subnet="">Redirect target Port: 8080
NAT reflection: use system default

Anything that I miss?  >:(</ip></ip>

Yes, you can connect directly to the Nortel, and it sounds like your Cisco isn't doing anything for you so you may as well remove it.

pfSense rules apply to traffic arriving on an interface.

For the simplest start, create rules on the LAN and DMZ allowing access everywhere (see the Default rule for the LAN interface in your second post). If at that point you still have problems communicating between the LAN and the DMZ it is probably because of the computer's you're using. Start by giving each their own /24 (say put the DMZ on 172.30.11.0/24 and give the LAN 192.168.0.0/24).

I have tomato working with MLPPP perfectly fine. I turned off DHCP and to test that the internet and MLPPP is working i used a static IP assigned manually in windows. As well, it is running on 10.1.1.1, and I will be assigning 10.1.1.2 to PFsense, with the hope that 10.1.1.100 - 10.1.1.150 would be DHCP from pfsense. I just havent figured out how to get tomato hooked into PFsense, I have it assigning IP's already through a second router running dd-wrt that is wired to the box I want to use for pfsense. DHCP on that is off as well, and I can connect to pfsense web admin and see myself there in the list of clients no problem.