This might be a bit hacky. I assume you can already communicate between both sides. You need on the side on which it works an advanced outbound NAT rule. Create one at the top with source the other subnet and interface WAN. With this you allow traffic from your side to be NATed to the internet on the other side. Now create under the loadbalancer a dummy-pool. Save this, downloadnthe config.xml and edit this dummy pool to reflect the tunnelIP of the other side. Restore the config. On your side create on the firewall lan tab a new rule with as destination the ip(s) you want redirected and as gateway your new loadbalancerpool. (sorry writing on iPhone… If you dont understand the part with the poolediting and config.xml search the forum for this. I explainit better elsewhere)

@dreamslacker: Sounds like Xrio but the website does state that their appliances can actually do some form of policy based routing. it's not xrio but very similar to them

You should also post this to the trixbox and pbxinaflash forums. Lots of guru's there. There really isn't a need to put the asterisk on the internet…It's safer to get it behind the firewall and port forward. I've successfully established many remote sip extensions with no issues. I have pbx in a flash at the main site, behind a pfsense box. The remote extensions are behind the run of the mill dsl/cable modems. Nothing fancy. Phones have been Snom's and Mitels. If you're connecting multiple asterisk boxes just use iax2 connections. Only One port to forward. Good luck

Hey folks! I'll gladly write yous up a script but it would be great if you could give me a few days as I'm just busy with work. Cheers

Hi john, I'm fairly experienced in networking as well however you probably hav more knowledge however I'll give my 2 pence :) the outbount NAT rules are used from the top down. Have you tried placing tHe NAT rule at the top? Also make sure the destination is set to the DMZ sub net also, would you not expect to see requests coming from your WAN IP? like when you surf the net, external servers will see your WAN IP… You probably can so some fancy footwork to get the DMZ servers to see the DMZ if interface but I imagine it required adding rules manually cheers

ANd one questation my load and balance working with 2 modems, because two modems have same subnets i had to one modem put in mikrotik router. Problem is that when i ping internet from mikrotik1 from the picture i have same ping to the internet but when i ping internet from mikrotik2 which have internet from pfsense i have sometime few timeouts. I dont have big load. Can i fix that problem ? thx regards to all [image: situation.JPG] [image: situation.JPG_thumb]

Thanks for your reply. If you look at my other post, you will see a different idea that I had: http://forum.pfsense.org/index.php/topic,19078.0.html it's basically looping the output of the new gateway back over to the WAN which would then allow me to use policy based routing as above. Wot ya think?

Thanks.  :)

1.2.3 rc1 fixed the issue all together, thank you everyone for your help.  I am looking forward to 2.0 :-)

Assign the VLANs to OPT interfaces, configure an IP subnet on each OPT interface, add firewall rules, and configure your hosts and access ports accordingly. some info here: http://doc.pfsense.org/index.php/Category:VLAN

add a rule to the top of your LAN rules, protocol any, source any, destination LAN IP, gateway default.

If you have the same IP on a different NIC, the router could have the old MAC cached in the ARP table. Turn the router off, wait a minute and power back on.

I know i opened up a very old topic, but i see Google is indexing this as nr #1 and this will definitely help people configuring IPv6 on pfsense boxes. I wrote an article at http://remcobressers.nl/2009/08/configuring-native-ipv6-pfsense/