thanks !

Given that you have a single link, I can't imagine you will see a performance increase by doing this.  If you can explain what your goals are in load balancing the five IPs on the same link I think it might help the group supply you with the optimal solution.  Also, do all of your five IP addresses use the same gateway?  If so you will have trouble with pfSense 1.2.x and will need to install intermediate NAT devices on each (all but one actually) of the interfaces.

Have you checked with a packet capture tool (such as Wireshark) or even looked at the pfSense states table to see what's going on?

Please read this sticky. Your setup will be the middle scenario.

You should be able to configure apinger from

Diagnostic : Edit file

/var/etc/apinger.conf

Standard values:

## "Down" alarm definition. ## This alarm will be fired when target doesn't respond for 30 seconds. alarm down "down" { time 10s } ## "Delay" alarm definition. ## This alarm will be fired when responses are delayed more than 200ms ## it will be canceled, when the delay drops below 100ms alarm delay "delay" { delay_low 200ms delay_high 500ms } ## "Loss" alarm definition. ## This alarm will be fired when packet loss goes over 20% ## it will be canceled, when the loss drops below 10% alarm loss "loss" { percent_low 10 percent_high 20 }

In 2.0 these settings are in the GUI:

System: Gateways: Edit gateway

Yes, bridging is Layer 2

If i request a NAT IP from pfsense with dhcp, the forward will work, but then i loose my connectivity on the ubuntu server, and the real IP on that server no longer works..

DHCP overrides your default gateway on your linux box.
Shouldn't it just work when you put back the default gateway after that (or don't change it at all?)?

And why is this in there:

192.168.1.0    192.168.1.9    255.255.255.255 UGH  0      0        0 eth0

this should be enough:

192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.6
109.189.137.0/24 dev eth1  proto kernel  scope link  src 109.189.137.246
default via 109.189.137.1 dev eth1

Or am I missing something here…

got it myself.  thanks.  i added a block outbound rule on the DMZ to not allow it to go to the private subnet and put it above the all outbound and that is working.  thanks!

Bumping post again, hoping for a reply.

i someone knows it can be done and even if takes more then 4 pfsense units, please reply.

Arthur.

I have now more interesting details…
http://www.cloudshark.org/captures/9ebde8d4aac7

This is a partial capture of a FTP session, fully done over telnet.
Partial because greetings and login are missing, and also several previous succesful attemps. I'll explain later.

Client is 10.12.3.11, server 10.12.8.136, connected over 10.12.8.253, pfSense box.

On packet 21, you can see passive mode is asked. Then on packet 129, LF is sent, to validate a "list /backup/".

At that point, I issued a "telnet 10.12.8.136 50065".

Packet 133 & 134 are the SYN packet from 10.12.3.11 relayed over 10.12.8.253 to 10.12.8.136.
Packet 136 shows the reply (SYN ACK) from 10.12.8.136, and packet 135 shows that 10.12.8.253 tells 10.12.8.136 that 10.12.3.11 is not reachable. Nothing new, was visible in previous capture. (Don't mind that packets 136 & 135 should be inversed).
3 seconds later, then SYN ACK is sent again and ignored. And again 3 seconds later (packet 140)

Some seconds later, I issued again a "telnet 10.12.8.136 50065".
And what do you see? 146 & 147 are the SYN, and miracle, 148 & 149 are the SYN ACK being routed!
And then you can see everything works fine, directory listing is tranfered.

Above, I said I had several succesfull attemps, because as long as I try to connect twice to the passive port, the 2nd attemps always succeeds. Interesting, isn't it?

My Static Rules is
Interface : LAN
Destination network : 90.0.1.0/24
Gateway : 90.0.0.201

yet still i cant manage to get my LAN2 connect to the internet.

here my manual outbound.


we have different subnets

like

172.17.1.0  255.255.255.0 gateway: 172.17.1.1
172.16.1.0 255.255.255.0 gateway: 172.16.1.1
172.30.1.0 255.255.255.0 gateway: 172.30.1.1
172.20.1.0 255.255.255.0 gateway: 172.20.1.1

the gateway ips are the vlan interface ip's on the pfsense router.

That worked! Thank you very much!

I have to use the VPN Router from our provider - so I can't move the VPN over to PFSense :-(
Flemming