have you considered putting both WAN interfaces on each pfsense box and use carp to failover? alternatively, you could have pfsense box 2 be tier2 of a failover on pfsense box 1, and vice versa.  You could load balance and failover also.

I have a similar setup. WAN – x.x.224.55 (pppoe) LAN -- 192.168.x.x OPT1 -- x.x.225.178/30 The client connected to OPT1 is x.x.225.177/30. Automatic NAT is turned off in pfsense and I have created an outbound NAT rule on WAN for 192.168.x.x, so the host on OPT1 is routed without NAT. That takes care of the routing. Now for the vlans. I'm a little less familiar with vswitches, but on the pfsense side I would use one NIC for the LAN and create 2 vlans on the other NIC for WAN and OPT1. You'll have to do something in esx to trunk the 2 vlans to the one NIC.

It only works only on the WAN if you use the FTP-helper. If you disable the ftp-helper on all related ports, configure manually a passive port-range on the server and then forward 21 and <your_port_range>from WAN and OPT1 you can access it from both. Also see: http://doc.pfsense.org/index.php/Howto_setup_ftp_server_behind_pfsense</your_port_range>

There might be a way to do this with squid, but not in our GUI, and your second WAN would need to have a static IP. Not sure about the others, but I know Pandora is 208.85.40.0/21 and Rhapsody is 207.188.0.0/19. Doing this by IP range is really the only viable way without a proxy. By the time any direct connection could be inspected, the connection to the remote server would already be established so it could not be rerouted at that point.

yes, if that doesnt work try putting LAN2 net for the destination, also have a default any-any rule in there

So again (i hate that), I am speaking to myself … According to this post: http://forum.pfsense.org/index.php/topic,29657.0.html my planed setup should work. BUT, according to this posts: http://forum.pfsense.org/index.php/topic,5439.0.html http://forum.pfsense.org/index.php/topic,21077.0.html http://forum.pfsense.org/index.php/topic,11155.0.html http://forum.pfsense.org/index.php/topic,26479.0.html and this bug-report: http://redmine.pfsense.org/issues/729 there are annoying behaviors in bridged setups with more than 2 interfaces. So could someone give me some hints regarding: Lets speak in pfSense words: WAN1 --- WAN   (NAT)   LAN  --- LAN1 --- Switch --- if_lan              pfSense                               Multih. server WAN2 --- OPT1 (BRIDGE) OPT2 --- LAN2 -------------- if_wan I do not want that anything from WAN-LAN is traversing to OPT1-OPT2, means no TCP/IP no ARP no … nothing. Regarding above posts and bug I am not sure with that. To make it clear: My intention is to have "2 firewalls" combined in one box. The 2 walls should be seperated as much as possible. Is this possible with pfSense? Thanks. Regards, CD

I see. I was hoping for something more automatic, but I guess I'll have to wait for 2.0 and pray that sticky connection will work there. Anyway, thanks a lot! I'll keep that in mind.

You need two wan interfaces on different subnet's http://doc.pfsense.org/index.php/MultiWanVersion1.2

In short, my current traceroute looks like this: 1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1] ** 2     8 ms     9 ms     9 ms  isp-router.isp.net [123.x.x.234]**  3    17 ms    18 ms    25 ms  server-nat-address.my.net [x.x.x.65] (this is actually my pfSense box using NAT)  4    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65] (this is the server the address is 1:1 NATed to) But I want it to look like this: (I don't want packets from the inside to go all the way to the ISP router, I want them to bounce straight from my router to their destination, if they're one of my addresses) 1     4 ms     3 ms     2 ms  myrouter.my.net [10.0.0.1]  2    14 ms    18 ms    18 ms  real-server-interface.my.net [x.x.x.65] So first, is this possible?  If so, can someone please tell me how to get my pfSense box to do it? Thanks in advance.

Doh! I solved my own problem. It was totally a "layer 8" issue. For some reason, I stupidly set the netmask on the WAN connection to 32 bits! Setting it to the correct value (in this case, 26) fixed the problem and gave me back a default gateway in the routing table. I hope that helps some other fool like me.  :)

Sorted with update to v2.0

http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x

Hello. Mr. Perry. Thank you once again for your kind respond. OK as you said tonight i will follow your advice. But tell you honestly when ever i try to put DNS(My ISP DNS) Ip As a monitor ip. I saw its Delay time much more than Default Getaway(Modem) Ip. Thats why I select Modem Getway ip as a monitor ip. But i will try to check this as you said. Thank you very much. God bless

Hello, Have you solved your problem because I have the same switch ? Best regards.

Hi, Thanks for the reply. The pfsense box are dual core and 2 GB memory. Maybe I try again my config. I think the issue are related on DNS part. Thanks for the reply.

If you have proper port forwards setup on all WANs, they all work independently of one another.

@seanbdesign: Hi Perry, Thank you for the fast response, my datacenter said to use Layer 3 routing, they routed the subnet to me.  They told me I will be the gateway meaning I could specify the gateway in the subnet I want to use.  I don't see anyway in pfSense to do that. Thanks, ~ Sean Your 'gateway' would be the LAN address.  i.e. the servers in the subnet behind the pfsense will have the pfsense LAN address set as their gateway.