• Routing VIPs?

    3 Posts
    2k Views

    Thanks for the reply! 
    I was planning to use 1:1 NAT on some machines and Port Forwarding on others with everything located in a Private network on the LAN if.

    I wrote my ISP and got a response yesterday that will probably change things.  They would like to use an intermediary /30 network to send our subnets to us.  I'm going to ask if they'll use a /29 so that we can add a second Failover pfSense box after we get everything working right on the first one.

    I'm trying to figure out how to set things up to "receive" the subnets.  For explanation, I'll refer to the /30 or /29 network as subnet A, and our two existing subnets as B and C.  From what I understand, I'll use an IP address from subnet A on my WAN if.  I still want to have a private network on my LAN and using 1:1 NAT or Port forwarding from the Public IPs of subnets B and C for that.

    I'm trying to figure out how I configure pfSense to use the Public IPs from Subnets B and C.  Is it as simple as creating Proxy ARP VIPs?

    Thanks again for helping me through Routing 101.  :)

  • Detailed description of RIP V2 setup enclosed seeking advice

    5 Posts
    3k Views

    Thanks, I'll have a chance to test later this week. In the interim, I was thinking that it's a little surprising that no one else has done this sort of thing with pfSense in the past. Even the most basic Cisco 2500 series can filter by IP and TCP rules. I'll post back as to whether or not I was successful.

    Thanks again.

  • Multi-WAN with loadbalancing\failover and VLAN

    3 Posts
    2k Views

    Hi Sub.

    Sorry no, I did not quite understand the reply I got and I got disconnected several times so I might have missed relevant parts of the conversation :-)

  • Dual Wan Issue

    8 Posts
    3k Views

    I tried uploading to RapidShare & my company T1 dedicated server; I only get 2.5mb upload speed, max was 3.2mb on private file servers.

    I think I have more than enough CPU & RAM? I got an AMD 3500+ & 2gb DDR2 RAM.

    Thanks

  • Multiple LAN's + VPN and Static Routes

    4 Posts
    6k Views
    jimp

    Or use OpenVPN in shared-key mode for the site-to-site tunnel and route whatever you want using its custom options (it does obey the routing table)

  • Static routes disappearing for monitor ip address

    2 Posts
    2k Views

    Try latest code.
    This should fix it for now https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/315e1253f624c8a348385b85560659c2def02aeb

  • Please need help for this problem.

    6 Posts
    2k Views

    I see you're double-NATed (your 'routers'  that your pfSense box is plugged into are also NAT routers themselves) - this can cause some complications and confusion.

    I would suggest you make sure that under WAN you have disabled (no checkmark in) the "Block Private (RFC 1918) addresses" - that could cause a number of issues.

  • Dual wan- wan1 down - no web browsing

    14 Posts
    8k Views

    Hello All,

    Thanks to all for the suggestions made. I have decided a pretty easy workaround for our setup is (if WAN goes down) to do: Squid, uncheck allow users on proxy; SquidGuard, uncheck enable SquidGuard; Status > Services, stop SquidGuard, stop Squid.
    This will allow web browsing on WAN2, although unfiltered of course. This will be much simpler than our previous firewall setup, as with it, if either WAN went down I had to physically go to the server room and readjust wires on the firewall. (I have to be at two remote buildings besides here during the day.)
    Once the WAN is restored I can reset Squid back to the original setup.
    With this setup I can at least web-UI into the pfSense from any building I am at and make changes, and web browsing will be restored in just a few minutes after I start getting phone calls telling me internet is down... :)
    BTW: I did try the OpenDNS suggestion and I got the same results as with the two ISP DNS servers.
    I may eventually try pfSense 2.0 and see if I can get Squid to work on both WANs.
    I had quite a time getting everything ironed out on these two pfSense boxes at two buildings; I would like to leave them as they are for right now.

    Thank You,
    Barry Cisna

  • Separation between download and browsing

    4 Posts
    3k Views
    jimp

    To direct an IP to a specific WAN, just add a firewall rule at the top of LAN that will match traffic going to that IP (or an alias with a bunch of IPs) and set the gateway on the rule to the WAN you want (Or preferably a failover group that just prefers that WAN)

  • Need advice on my first dual WAN

    4 Posts
    3k Views
    jimp

    It should work either way. Unless there is a security or other reason to segregate the SIP devices, it would be easier to keep them together.

  • Routing issue between LAN, OPT1 and Remote Subnet.

    2 Posts
    3k Views

    Hi, I had some progress recently. Let me redraw a simplified network diagram.

    Internet
       |
       |
       |
    ADSL Modem
       |
       |
       |
    --------------------------    -----------------------    --------------
    | WAN    OPT (10.12.51.3)|----| LAN1: 10.12.51.254  |    |    ITSP    |
    |                        |    | SIP Router          |    | SIP Server |
    |        pfSense         |    |               LAN2: |----| 10.20.30.1 |
    |                        |    -----------------------    --------------
    | LAN (192.168.1.254)    |
    --------------------------
       |
    -----------------
    |      PBX      |
    | 192.168.1.250 |
    -----------------

    I finally realized I should set up a Dual WAN configuration on my pfSense firewall. Because I cannot touch the SIP router provided by the ITSP, I cannot set up a static route and tell the SIP router our LAN is on the other side. So a simple static route on pfSense won't tell the packets to come back to my LAN.

    I set up a gateway address (10.12.51.254) under the OPT1 interface. OPT1 just acts as another WAN port. After that, I can ping the SIP server at 10.20.30.1.

    But the SIP call cannot be established. According to the other tutorial, I enabled AON, created NAT for the LAN segment for both the WAN port and the OPT1 port, and made the static port for SIP 5060. For inbound NAT, I set up a rule for SIP UDP 5060, pointing to the PBX at 192.168.1.250.

    I have incoming calls working perfectly, but outgoing calls still have a problem, because the SIP server will only accept SIP Invites from the authorized IP 10.12.51.3. I used Wireshark to capture the packets; in the message header, the SIP Invite IP is actually the PBX IP 192.168.1.250 rather than 10.12.51.3. It seems to be a NAT problem; hopefully experts can give me some hints.

  • Downstream router

    2 Posts
    2k Views

    Maybe the key is to make the "accounting router" a "filtering bridge"??

  • Unnumbered NIC

    5 Posts
    3k Views
    GruensFroeschli

    "LAN" is just a name.
    It doesn't have to be a real interface.
    --> assign the LAN a VLAN.

    What you probably want:

    assign interface 1 as WAN
    create as many VLANs as you need on interface 2
    assign your VLANs as LAN and various OPTs.

  • Advanced Question about routing - Anyone got any ideas.

    3 Posts
    2k Views

    Ahh gotcha! Thank You!

  • Multi-Wan and Hotmail

    1 Posts
    1k Views
    No one has replied
  • Multi-WAN through single NIC

    2 Posts
    2k Views
    jimp

    On 1.2.3 this is not possible without using real VLANs and a managed switch.

    On 2.0 you can add multiple gateways on an interface and use those in gateway groups for load balancing and failover.

  • Need clarify for load-balance/failover with dynamic wan IPs

    4 Posts
    2k Views

    Thanks for clearing the status!

    Some local forum in my city told ppl to keep away from using pfsense for multi-wan, I tried to check it out but after google-ing I was more confused, cause some ppl said can while some said cannot.

  • 1 dhcp + 1 static gateway.

    1 Posts
    1k Views
    No one has replied
  • Failover for 2 ISP

    18 Posts
    9k Views

    Thank you for all the replies, I really appreciate the help. My last question would be, in case I get my hands on resources like additional IP addresses for my WAN(s), like 3 each: do I need more LAN cards? I currently have 3 on each. Would my current setup suffice in order to make it high availability internet and firewall failover? If so, can you guys help me with the diagram, if it's not too much to ask? Thanks thanks!

  • Can't log in to website :2082 (CPANEL)

    3 Posts
    3k Views

    What I do for cases like this - HTTPS and whatnot, is to create a "Failover" loadbalancer (or two) configured similarly to the loadbalancer one - then create a firewall rule on LAN (in your case for 'destination TCP port 2082') that uses the Failover gateway you created instead of the loadbalancer - that way you'll stay on the one interface/IP unless that link actually fails.  I'd prefer this to assigning a single gateway as it still provides functionality should you lose one WAN link.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.