If you do not want the DNS to be overridden in that way, go to System > General and uncheck the box for allow DNS override.

Then the servers you put in that page manually will be respected.

The issue turned out to be "Block private networks" must be disabled. As far as I can tell, this can only be done on the WAN port so I had to reconfigure how the firewall was being set up, but now it works.

At last I did it!
I used another switch, with the same configuration, so I tagged on each vlan the port to which the pfsense box is connected, and untagged each port belonging to each vlan, and it works. So I guess it could have been not only a misconfiguration problem, but a switch one.

Thanks a lot for the help.

Scenario 1 would work. If all three lines are connected to pfSense, you can make firewall rules to match the traffic you want, and direct them to the appropriate Load Balance Pool, Failover Pool, or directly to a given gateway.

Scenario 2 could work, but would not be ideal. The LAN side of the load balancer and the WAN side of pfSense can be in the same subnet, yet, but the LAN side could not be unless you bridge it to WAN, which would make some features unusable.

Just wanted to let you know that now my Things sync and also the Apple Remote App for iPhone work again with the pfSense beta1 build from 05/04/10…

Just add the faster link to the load balancer pool multiple times, roughly equivalent to the bandwidth ratio.

If WAN is T1 (1.5) and OPT1 is 3, you probably just need a 1:2 ratio, so just put opt1 and its monitor IP into the pool twice.

In pfSense 2.0 you can weight the gateways appropriately to get the same effect.

Hi,

Just got it to work, added a static route for the pbx, changed the siproxd to use the opt1 interface for outbound traffic and changed the firewall rules so sip traffic is allowed :)
Pritty easy actually

Did some  forum searching, seems like I should have that rule?
Firewall: Rules: Lan = Default Lan >any
Maybe the Gateway should be "Loadbalance" instead of "Default"?
I see a lot of errors in firewall log, not sure what they are.
But Loadbalance seems to be working.

12.png
12.png_thumb

The shaping might work on WAN, but not on OPT WAN, and your total download speed would be limited to the bandwidth given for WAN.

I've heard of people doing shaping that way with a shaper box behind an LB box, but you should have NAT completely disabled on the shaper box.

How well it works, I'm not sure.

You can also look at things like Pound reverse proxy. For pretty cheap, you can use pound on a low-end (like old deskpro en) pc and direct traffic from pfsense to the reverse proxy. The reverse proxy forwards to your internal IPs based on domain name, so you can use one public IP to many internal IPs. Do a web search; Pound is not the only reverse proxy available–-squid works, too.

I'm not sure I understand your statement about the 2 network drops in the same vlan /30.  are you refering to the WAN network /30? If your ISP is providing switched infrastructure (VLAN) for your WAN, you'll need them to give you more than a /30 for CARP.  CARP will have an IP overhead with at least one unique IP address per device that plans on sharing the VIP.  You'll need to have at least a /29.  You'll also have to make sure they are not using packet filters or other firewall between your two VLAN access ports, if your interfaces lose communication across their switch, CARP will not work.

Your subject line mentions BGP, are you planning on running BGP between the PFSense and your ISP?

About your interface shutdown, you may have to manually disable one of the ports initially while the first port is configured and WAN established.  It could probably be configured as the CARP interface and you can add your second interface to the group whenever you are ready.  If you establish the seocnd interface without switching connectivity or before WAN is ready, you may run into problems because both interfaces will think they are "Master" interfaces.  I'm not sure if that answers your question.  Please elaborate.

Although I have not done a setup like yours, I can probably suggest that you could set up NAT after you re-IP to the new IP range, as long as the ISP is willing to maintain routes to your gateway for both old and new prefixes while in transition.

Hope this helps
–Ja

Gordon,

Thanks again,
As you stated.I did not have my LB Pool set up correctly,
I went through the 1.2.3 LB setup again.
Now I had the LB,,name,,, as an option for gateway.
It appears now both nics are sending/receiving about the same amount of data!,,,,yyyeaaahhh!
Going to pfsense ip.php the ip address changes as it should!
Now,,I can not get a ping response from any of my created VIP's/Typep-ARP to forward ports for internal mail server to public.
That'll be a post to VIP section forum
Getting closer!

Regards,
Barry

No, you cannot use them both directly if they have the same IP address.

Your ISP can't change that at all? It's really crazy that they are forcing you to use their device for NAT. That also means you could never accept any incoming traffic unless they added port forwards on your behalf.

hi
you first need to add your ip block as Virtual IPSs.
then, as you suggest, you could use 1:1 NAT to route the virtal IPs which will now appear in the nat rule.
don't forget to add some firewall rules to allow traffic over your new routes.

gordon

Ah!  Hadn't even thought of that!  I'll grab a 8-port managed Netgear then :)

I passed the setup by our "PCI auditor" and he approved it, and didn't catch the unmanaged switch either, useless auditor…...

@dsteel0:

Hey all,

I'm slowly getting my head around PFSense 1.2 RC3 (which I assume is 1.2.3? The "Versions page makes no mention of 1.2 RC3), but I have a couple of questions, if I may:

RC versions are release candidate versions,  all of them old and outdated by now and not recommended for normal use unless there's a good reason for using them. 1.2.3 is the latest official release of pfSense.

I know this might be for a different post but I did change those setting and will see how it goes..

My next question is let say my dsl goes down (that's my 10mb down and 1 up) now it's on my cable. How do I keep my Queues right? I have my queues set for the dsl because that is my main I have the bandwidth set at only 7.5 down and 650 kb up  leaving lots of room for VoIP  but if cable goes online then I only have 1 mb down and like 200 up or something not sure need to test again.

recap- DSL  goes down now it's on cable    now the queues are not right  can you make queues just for the cable or opt1 wan port?

or if u really want to have pfsense for the entire setup.. i did it by having 2 pfsense dealing with each of the pppoe connections.. and then another pfsense for dealing with the load balancing.. its tedious to manage the NAT rules in this kind of setup though :P