• Routing in RFC1918 wan range

    0 Votes
    10 Posts
    5k Views

    This option was already enabled.

    If I check the "Disable all packet filtering" option, routing is OK.

  • Unable to access other machines in the immediate IP range

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Can I route traffic from LAN to DMZ?

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Failover 3+ WANs, what does your pool look like?

    0 Votes
    2 Posts
    2k Views

    Maybe you can try reading this first:
    http://forum.pfsense.org/index.php/topic,17332.0.html

  • Need some help with DSL Lan-2-Lan

    0 Votes
    3 Posts
    2k Views
    GruensFroeschli

    What exactly is your problem?
    You are trying to connect from where to where?

    From site A to the LAN on site B?
    Did you create a static route pointing to the other pfSense for the subnet in question?

    Could you update your diagram with IPs/subnets, and describe how you test what, how it doesn't behave, how you expect it?

  • Route cache?

    0 Votes
    3 Posts
    8k Views

    That makes sense. Thanks for the explanation.

  • Send Opt traffic to single host

    0 Votes
    2 Posts
    1k Views
    GruensFroeschli

    You mean you want to mirror all the traffic there is?
    Or just want to forward traffic going to the IP of the pfSense on OPT to a host?

    No, mirroring is not possible.
    Yes, forwarding traffic is possible.

  • Help on Simple FailOver Scenario (Dual Wan)

    0 Votes
    3 Posts
    3k Views

    Letting us know what's actually happening would be helpful :P You've described your setup fairly well, but we don't know how it's behaving or how that differs from what you expect.

    Also the 'WAN1 net' rule should not have a gateway, the system routing tables will take care of this automatically because pfSense is directly connected to this network, as long as the traffic is allowed by the rule you don't need to specify the gateway. You generally shouldn't have gateways in your rules unless you want to modify the default behaviour or use load balancing/failover. Just the default rule with the failover gateway should suffice for what you're trying to accomplish I think. Your rule for destination 192.168.0.0/24 also doesn't make any sense - isn't this your LAN subnet?

    I echo all of dotdash's comments. Since you've masked your internal NAT'd WAN IPs (why would you do this, they're internal…), I can't tell - but if both of these use the same subnet, dual WAN is not going to work. You'll also have issues if either of them use the same subnet as any of your LANs. Either move them to different subnets or preferably get a real IP for each WAN link on pf. I suspect this is your problem based on my guesswork about your addressing by the way you've named the rules.

    Your configuration looks generally correct to me though aside from these comments (as in it should be working as long as the subnets are different), so I expect the 'problem' may just be that your expectations differ from how you've configured it.

  • VLAN to WAN

    0 Votes
    14 Posts
    9k Views

    @GruensFroeschli:

    Did you enable advanced outbound NAT?

    (Firewall --> NAT --> outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))")

    Automatic outbound NAT rule generation (IPsec passthrough)

  • Problems with RIP

    0 Votes
    4 Posts
    3k Views
    GruensFroeschli

    You wouldn't believe how long I had until I noticed this when I was dealing with RIP propagated routes... :D

  • Is pfSense the right solution for me?

    0 Votes
    7 Posts
    4k Views

    No, use pfSense instead of EFW only if you want failover and load balancing, but if you want to have a content filter, then you need to have EFW or something like Smoothwall, i.e. because pfSense Squid with MultiWAN doesn't work properly, and you will not be able to use squidGuard.

  • Dual WAN Gateway Balancer - DNS -

    0 Votes
    5 Posts
    3k Views

    Use the loadbalancing Service as a gateway.
    Secondly, use OpenDNS in both the WANs, i.e. 4.2.2.2 and 4.2.2.4.
    So no DNS issues.
    There are some protocols such as POP3 and SMTP which give problems while authenticating; for that you need to create a load balancer service as a failover rule.

  • 0 Votes
    4 Posts
    2k Views

    I may be wrong, but why are you using a switch as both input to WAN for pfSense and output to LAN simultaneously? Wouldn't it be better to route WAN directly to pfSense then route back to LAN to the switch?

    This makes it cleaner and you'll only have to deal with interfaces LAN and OPT1.

    Oh well, at least my reply will kickstart your thread back and some expert can further assist you.

  • Multi Wan & Multi Lan Setup Questions….

    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Routing within lan

    0 Votes
    2 Posts
    2k Views
    GruensFroeschli

    Add the static route via the gui and not on the console.
    Under advanced activate the checkbox "disable firewall rules for traffic on the same interface"
    (or something like that, I don't remember how exactly it's called)

  • Load balancing/fail-over + traffic shaping + proxy/squid

    0 Votes
    11 Posts
    8k Views

    thanks for the reply…

  • Dual Wan Bonding

    0 Votes
    5 Posts
    16k Views

    Do any of you know how to actually do it in zeroshell? All the guides are only written for the case where you have zeroshell on both ends, I just have it on one end and I'm trying to get it to work with OpenVPN/Vtun and ifenslave.. if you know how to do it please help me!

  • If OPT1 is bridged to LAN, does OPT1 auto follow LAN firewall rule

    0 Votes
    4 Posts
    2k Views

    yeah boss, got that!

    Everything is good now. Not too hard at all.

  • Can I Achieve This

    0 Votes
    2 Posts
    2k Views
    GruensFroeschli

    Downtime can be seen with the quality graph under "RRD graphs".
    If you want it more specifically you will need to set up a network monitoring solution (like Nagios) on a different system.

    UP/DOWN restriction depending on user should afaik be possible with some hacking with FreeRADIUS and the Captive Portal.
    Not sure what the status is. Read more in the Captive Portal / packages subforum.

    squid is not multiWAN capable.

    Look at the available packages if you want to monitor who's using how much bandwidth.

    …. I find it quite daring for you to request a "complete tutorial".
    Write one yourself....

  • My WIFI network will not Load Balance

    0 Votes
    5 Posts
    2k Views
    GruensFroeschli

    Just for the semantics:
    The rules you posted are NOT the routing rules.
    These are firewall rules.
    It just so happens that you force in these firewall rules a gateway other than the default gateway.
    This is called "policy routing" and has nothing to do with the routing table.
