Lan and wan are bridged. I just turned off the advanced option "Bypass firewall rules for traffic on the same interface" Did not help.

What I have found out is that my Mcafee firewalls on our clients have started treating its own subnet as an un-trusted network. I do not know if this is a coincidence it happened the same day I installed the pfsense firewall. To fix it I had to manually put in the IP address for the trusted network on each machine.

That works! I don't know why I didn't think of that. I did have a lot of ports to forward, but aliases make it a little simpler. I control which gateway is used for the servers with a LAN firewall rule like all the user systems now. I tried using outbound NAT rules, but it seemed to break everything as soon as I enabled it. I can't create firewall rules to use a virtual IP as the outgoing gateway. I guess I will keep a 1:1 NAT mapping for my mail server. Obviously the mail server needs to send mail from the IP which its domain resolves to, which I think was why I started using 1:1 NAT to begin with.

@eihcet:

Lastly, has anyone purchased the PFSense book, is it mainly a hardcopy of the WIKI guides online or does it expand upon items like this?

The wiki guides aren't all that great, they were written by outside contributors. The multi-WAN coverage in the book is extensive, and written by the person who has done more of those setups than anyone (i.e. me  ;D), it's far and away better than anything freely available.

@eihcet:

However, when it gets to the gateway section I can only select gateways from the drop down list, of which none are the right option and I can't manually type in a gateway address… My choices are:

Default
10.1.10.1
LoadBalancer
Wan1FailstoWan2
Wan2FailstoWan1

I've got it working now using a failover rule "WanXFailstoWanY".  The guide makes it seem as though you can specify just the one gateway and if there is a failover it'll just block the traffic

The individual gateways as you have them configured are there, 10.1.10.1 would be your OPT WAN, and default is your WAN. If you pick one of those it will behave as you describe. If that gateway isn't right, your interface isn't configured right.

There isn't any way to properly accommodate shaping in that scenario at this time.

You could, with caveats. Reconnection wouldn't be guaranteed to get the same server if the previous connection was closed and expired from the state table. It's best to use either something like Citrix for that, or MS NLB, but it should work.

Please login to forum  and  You can view image…

The VPN is just Routing and Remote access that is a Windows Server Role.  I do not physically get two IP addresses when I connect to the VPN, but I can ping both sides by dns or IP.  I get a .0 address, but can not RDP or go to the web portal of anything on the .10 network.  I am not sure what you mean if this is bridged.

which date of snapshot are you using?
Sounds like this issue, possibly:
http://forum.pfsense.org/index.php/topic,19763.0.html

If so, upgrade to latest snapshot.

They do not have any static routes. Just the simple VPN connection back to the Netscreen 25. The 25 handles all the routing for the remote VPN connections. The Issue is I cannot find any way to tell the Netscreen to send all its traffic out the local Ethernet interface to the pFsense box

The pFsense box can route to the netscreen just fine. And to recap I can ping sweep across all subnets from the home lan but they cannon ping me at all.

Thank you so much for the help!

Thanks for that advice.  I altered the setup to use 2 real interfaces on my alix and configured a separate switch port to send the data for the VLAN to the second real interface.  Routing now works.

I think this may be a better approach for another reason also; My understanding is that, since the NIC chips in the alix board don't natively support tagged VLAN, there might have been performance and/or MTU issues the other way.  This way, the switch can do the work of untagging the frames and PFSense just routes.

Jeff

@ermal:

You need to specify for rules regarding server X the no state otherwise pfsense will block the traffic because of the state keeping.

I'm totally new to pfsense, might you have some example URL's or more information.

Thanks so much.

Mike

Just look at Firewall->Virtual IPs.
Linux as its way pfSense has its way.

Search before posting.

Sorry about the late reply.

It sounds like you're not changing the outgoing rule. You need both the NAT rule (or just use AoN) and a firewall rule on the LAN interface that sends matching traffic out your second WAN. The NAT rules are just there to perform NAT on traffic leaving those interfaces coming from the specific networks, while you need the firewall rules to actually direct the traffic there in the first place.

If you want to load balance you need to set up the round robin pool in the load balancer and use that as your the 'gateway' in your firewall rule instead of one of the WANs, but I'd suggest that you get it set up such that you can route traffic manually out either interface and that's working properly before you try and get load balancing/failover going.

Thank you so much for the help, that worked perfectly!!!!!!

-Altrez