Yes.

With 2.0 you will have the option to terminate all the PPPoE connections on the pfSense.
However the limitation that no two WANs can have the same gateway still applies.

@Jahntassa:

I had to do this with Manual NAT and a rule in the Outbound tab. I think if you leave it on Automatic NAT you'd have to do a Static Route of some sort. I could be wrong though.

Problem solved, I did this

Firewall -> NAT -> Outbound -> mark Automatic outbound NAT rule generation
Then go to Firewall -> Rules -> Lan and create a rule like this:

proto: tcp/udp
source: 192.168.1.13 (Local IP to the machine)
port: *
destination: *
port: *
gateway: WAN5OPT4 (Interface)

@jimp:

What version are you using? I don't think sticky worked properly in 1.2.x, but it should be fixed in 2.0.

1.2.3  I'm not using 2.0 because of its beta status.

Thank you very much!!

SOLVED !!!

Everything is ok. The port 5060 was blocked from the teleconference device.

So it works perfectly now with OPT bridged to WAN and assigning the static ip to the teleconference.
Also PASS rule to OPT and Wan is needed.

Thanks.

I know … my loss is not complete though!

I still want to do it... how should I go

Regards

;D that would be great, downloading and burning now, lets see :)

[update:] and its broken. updated to latest beta, and even after a 'factory reset', I can't get connection with either the pppoe internet, or the 172 'wan' anyway, I'm tired, I'll try again tomorrow. :)

Sorry to reply so late.

Both WAN1 and WAN2 are static IP.

WAN1 IP = 10.1.1.2 Gateway 10.1.1.1 (Modem IP)
WAN2 IP = 10.1.2.2 Gateway 10.1.2.1 (Modem IP)

Two lines with the same gateway will not work.

Though if your ISP supports MLPPP, you could bond them that way and then you wouldn't need load balancing.

Failing that, you'd need some other little cheap NAT device to make the duplicate WANs appear as different subnets.

Your description what you want to do is pretty confusing….

From what i can guess you need an outbound rule (Firewall --> NAT --> outbound) on your WAN2 with as source IP your VIP.

Now I found the problem why the NAT is not working and I think it is a Bug in the pfSense 1.2.3.

It looks like that the "NAT Port Forward" have got problems with "Aliases" type "PORTS"
I create a Alias with 2 Ports (80, 443) type "Ports(s). I use this in my Alias in my Port Forward rule.

After I try to get on the external IP over a internal Network, it doesn't work.

Now I split the Port Forward rule into to rules without a alias and use for the one rule the port 80
and for the other one 443. And now BINGO, it works, I can access a Webpage from the internal
network to the external address what is a port forward to our internal network.

Now I test this on a another pfSense installation that we have in a another location and I can
reproduce the problem on that one too.

So it looks like the version 1.2.3 have the bug with PORT ALIASES.

Hope this can help other users now.

Best,
PD

In fact, it should be NATed, this is why I am confused
But as I told in the past, I want move everyone in 10.x.y.z networks to have no problem (as I know also the problem using Public IP for internal use…)
I just wanted to make the move to the new network smooth
But as I discussed with my boss, he finally agreed with me to move directly to the new network, so it will not be an issue anymore for us.

thank you

PM

;D
Thank you both for your assistance, I've managed to achieve what I set out to do, although it cost me a sleepless night.
Turns out there was a static route problem(there was a router on the OPT6 network, which was the gateway for all the machines. I setup static routing on said router for the LAN subnet through the OPT6 address, and now she works like a charm!)

Once again, thanks a stack…once I was able to rule out my PFsense box as the problem, I knew where to look. Couldn't have done it without you guys!

You can also make an alias for things like "WAN2 PCs" and add a firewall rule to direct traffic coming from those PCs out WAN2. Then you can just edit the alias to include whatever system you want to route the other way.

Bear in mind that will only work for new connections, existing states won't be cut off.

@martap:

In my setup I use the DNS forwarder as the resolver for all the clients so even though failover works great using the multiple gateways option internet access does break down because of DNS forwarder not able to forward its requests to the internet dns resolvers. Pitty…

You need a static route for one of your DNS servers for 1.2.3 (read the docs), or in 2.0, just pick your other WAN by one of the DNS servers in the drop down box on the general setup page.

Perfect, thanks for that Perry, i'll give beta 2.0 a go then, see if I can figure it out  :)

Jon

You have to setup NAT before you can ping or do anything else with a Proxy ARP VIP. Use CARP if you must have a pingable VIP without NAT.

As I said, not something a lot of people need.  ;D My last comment in #8 explains why it won't be done for 2.0. You can use sticky connections to avoid the breakage, and alternatively you can easily modify the source to kill all states on every status change which sounds like probably what you want. Or put any command in there you want, kill only states for specific IPs, lots of possibilities.

It started working again since my last reboot, so rebooted again just now to get it to the problomatic state. This is what I get in the system logs regarding apinger:

Sep 3 06:22:42 apinger: ALARM: 8.8.8.8(8.8.8.8) *** down ***
Sep 3 06:22:42 apinger: ALARM: 8.8.4.4(8.8.4.4) *** down ***
Sep 3 06:22:53 apinger: Error while starting command.
Sep 3 06:22:53 apinger: command (/usr/bin/touch /tmp/filter_dirty) exited with status: 1