It only works only on the WAN if you use the FTP-helper.

If you disable the ftp-helper on all related ports, configure manually a passive port-range on the server and then forward 21 and <your_port_range>from WAN and OPT1 you can access it from both.

Also see: http://doc.pfsense.org/index.php/Howto_setup_ftp_server_behind_pfsense</your_port_range>

There might be a way to do this with squid, but not in our GUI, and your second WAN would need to have a static IP.

Not sure about the others, but I know Pandora is 208.85.40.0/21 and Rhapsody is 207.188.0.0/19.

Doing this by IP range is really the only viable way without a proxy. By the time any direct connection could be inspected, the connection to the remote server would already be established so it could not be rerouted at that point.

yes, if that doesnt work try putting LAN2 net for the destination, also have a default any-any rule in there

So again (i hate that), I am speaking to myself …

According to this post:
http://forum.pfsense.org/index.php/topic,29657.0.html

my planed setup should work.

BUT, according to this posts:

http://forum.pfsense.org/index.php/topic,5439.0.html
http://forum.pfsense.org/index.php/topic,21077.0.html
http://forum.pfsense.org/index.php/topic,11155.0.html
http://forum.pfsense.org/index.php/topic,26479.0.html

and this bug-report:
http://redmine.pfsense.org/issues/729

there are annoying behaviors in bridged setups with more than 2 interfaces.

So could someone give me some hints regarding:

Lets speak in pfSense words:

WAN1 --- WAN   (NAT)   LAN  --- LAN1 --- Switch --- if_lan              pfSense                               Multih. server WAN2 --- OPT1 (BRIDGE) OPT2 --- LAN2 -------------- if_wan

I do not want that anything from WAN-LAN is traversing to
OPT1-OPT2, means no TCP/IP no ARP no … nothing.
Regarding above posts and bug I am not sure with that.

To make it clear: My intention is to have "2 firewalls" combined
in one box. The 2 walls should be seperated as much as possible.

Is this possible with pfSense?

Thanks.
Regards,
CD

I see. I was hoping for something more automatic, but I guess I'll have to wait for 2.0 and pray that sticky connection will work there. Anyway, thanks a lot! I'll keep that in mind.

You need two wan interfaces on different subnet's
http://doc.pfsense.org/index.php/MultiWanVersion1.2

In short, my current traceroute looks like this:

1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]
** 2     8 ms     9 ms     9 ms  isp-router.isp.net [123.x.x.234]**
 3    17 ms    18 ms    25 ms  server-nat-address.my.net [x.x.x.65] (this is actually my pfSense box using NAT)
 4    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65] (this is the server the address is 1:1 NATed to)

But I want it to look like this: (I don't want packets from the inside to go all the way to the ISP router, I want them to bounce straight from my router to their destination, if they're one of my addresses)

1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]
 2    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65]

So first, is this possible?  If so, can someone please tell me how to get my pfSense box to do it?

Thanks in advance.

Doh! I solved my own problem. It was totally a "layer 8" issue. For some reason, I stupidly set the netmask on the WAN connection to 32 bits! Setting it to the correct value (in this case, 26) fixed the problem and gave me back a default gateway in the routing table. I hope that helps some other fool like me.  :)

Sorted with update to v2.0

http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x

Hello. Mr. Perry. Thank you once again for your kind respond. OK as you said tonight i will follow your advice.
But tell you honestly when ever i try to put DNS(My ISP DNS) Ip As a monitor ip. I saw its Delay time much more than Default Getaway(Modem) Ip. Thats why I select Modem Getway ip as a monitor ip.

But i will try to check this as you said. Thank you very much. God bless

Hello,

Have you solved your problem because I have the same switch ?

Best regards.

Hi,

Thanks for the reply. The pfsense box are dual core and 2 GB memory.

Maybe I try again my config. I think the issue are related on DNS part. Thanks for the reply.

If you have proper port forwards setup on all WANs, they all work independently of one another.

@seanbdesign:

Hi Perry,

Thank you for the fast response, my datacenter said to use Layer 3 routing, they routed the subnet to me.  They told me I will be the gateway meaning I could specify the gateway in the subnet I want to use.  I don't see anyway in pfSense to do that.

Thanks,
~ Sean

Your 'gateway' would be the LAN address.  i.e. the servers in the subnet behind the pfsense will have the pfsense LAN address set as their gateway.

If their concern is only QoS, Siproxy and PPTP, you can notify the Voip company that your pfsense box will do all that and do a darn better job than DD-WRT on the 54GL.
I started off on this hobby with HyperWRT & DD-WRT on a WRT54GS (8% faster processor, double the ram & flash of 54GL) to begin with so I should know.

Make overtures to them and see if they're willing to accept that and clone the HFSC curves (if any; most just set a flat service curve) onto the pfsense box instead.  Makes things simpler to a certain extent anyway.

sir do mind if i get a screenshot of ur config,i follow this set up but still my fail over is not working but my load balance is ok

Go virtual and set the scenario in ESXi….

Then use fault tolerance to enable heartbeat between the PFSense box'es. Thereby you wont need 3 external IP's provided by your ISP.

CARP on the PFSense needs 3 external IP's to start with. By std. it cannot operate with only one external IP address.