thanks for your help, thats just what I was looking for. I needed to verify that it was possible, I really wanted to avoid double natting if at all possible, i just wasn't sure that modems could do that sort of ip passthrough.

Many Thanks
C

The short answer is yes with a HTTP download manager ( google round robin ). But i would recommend to split your users and assign failover pools to them.

Thanks for your reply Perry.

I have changed the monitor IP address from my ISP DNS servers to OpenDNS Servers. Its not the monitor IP address.

Thanks for the idea on updating to 1.2.1.

Doesn't the VLAN WAN use a different gateway? If they are the same, what's the difference between the traffic on the VLAN and the untagged traffic?

@frenchsquared:

So, I have a round robin setup with three Cable modems. Wan, opt1 and opt2…..

I have same thing;

Most often I have seen this problem on various forums.

On 1.2.1 it is see other threads for a detailed reply.

You can if you upgrade in 1.2.1.
Take a look at /usr/local/sbin/slbd.sh.

Sticky connections do not work well for outbound load balancing. Also outbound load balancing doesn't play nicely with SSL.  You'll do better to create a failover pool and policy route all your SSL connections through the failover pool (ie: all SSL connections go out WAN 1 unless WAN 1 fails, then all SSL goes out WAN 2).

Hi all,

This setup as described by Jeddaka works for me to, I do not have a ftp server in the network so only used the ftp helper settings and the rule on LAN interface.
Now all download links referring to ftp pages and also my ftp client are working fine.

Thanks.

Only when I was testing it in a lab environment. The border routers are Cisco routers where I work because they are controlled by a different group so I'm not sure how well it does under heavy load, etc.

finaly I found a solution

so pfsense does not create correct pf rules on wan when there is another
wan connection
basicaly it does create those rules (from /tmp/rules.debug)

User-defined aliases follow User-defined rules follow

pass in quick on $wan from any to any keep state  label "USER_RULE"
pass in quick on $OPT1 reply-to (le2 y.y.y.y) from any to any keep state  label "USER_RULE"

but the rule should be like this

User-defined rules follow

pass in quick on $wan reply-to (le0 x.x.x.x) from any to any keep state  label "USER_RULE"
pass in quick on $OPT1 reply-to (le2 y.y.y.y) from any to any keep state  label "USER_RULE"

so I had to make a change in the file /etc/inc/filter.inc
on the line 1581 from this
if(($rule['gateway'] == "") and ($ri != "") and ($rg != "") and (stristr($rule['interface'],"opt") == true)) {
to this
if(($rule['gateway'] == "") and ($ri != "") and ($rg != "")) {

so this way rules are created correctly

@dotdash:

Type ifconfig from a shell prompt and see if the alias shows up. If not, you probably made a syntax error when you edited the xml. Try typing the command in from the shell and see if that works.

Thank you! Now I have almost everything!

Almost, because unfortunately I have one more thing to do. I need to forward some ports, just like this:
1. wan - tcp - ext. port 6005 - nat IP 192.168.16.99 - in port range 80
2. wan - tcp - ext. port 6006 - nat IP 10.10.10.99 - in port range 80

The first example (1) is working, but the second one does not want to :(
I must add, that is not necessarily 10.10.10.0 to have access to the Internet - I just want to port forward.

Maybe you have any ideas?

I had quite the similar problem and checking the checkbox for "Bypass firewall rules for traffic on the same interface" solved it perfectly.
I think it is a bug though, I do allow all traffic to flow between the internal networks yet large file transfers would stop after a while.

Anyone?

Is there a way to create bridge0 and bridge1?  Or isn't this in 1.2?  Is this going to be in 2.0?

Thanks

Hehe. I had to run into this a few times myself until i got it ;)

Hmm, no it appears i cannot ping anything outside the LAN, including the gateway IP's, so i guess it isn't a DNS issue. I will however backup my setup and start again with only one WAN, though in all fairness it also doesn't work when i route the internet access rule to a specific gateway rather than to the dual wan gateway group, so i am not sure that's going to help.

Cheers

Gareth

Yes that's about what i meant.

You could also set something like this up:

rule1: source:lan ; sourceport:any ; destination:any ; destinationport: 80 ; gateway:Loadbalancing
rule2: source:lan ; sourceport:any ; destination:any ; destinationport: any ; gateway:Failover

Or replace the "destinationport: 80" in the first rule with an alias with all the protocol-ports you would like to balance.

Like this you default everything to failover only (like ftp) but have loadbalancing for all the services you use mostly want to balance (like http).