http://forum.pfsense.org/index.php/topic,7001.0.html System: Advanced: If you want to be able to use NAT-mappings from withing your own LAN disable the checkbox "Disable NAT Reflection" You might have to create a rule with as destination: "globalIPofServer" and gateway * above the rule that forces the traffic to a specific WAN. But i'm not sure about that.

That really depends on how your DNS-server responds to dns-requests for a non-existant domain. Linux is probably intelligent enough to detect that you wanted to ping an IP but that the IP was misswritten. If you enter 192.168.1.1127 into a webbrowser on windows you can see that it tries to resolve the misswritten IP as if it where a domain-name.

Problem solve ..thanks for the time sir… :)

when i set the OPT1 interface to .233 i can ping it from outside the network but it still wont route traffic from .234 when i set the gateway to .233

Thanks!  ;D

If they're routing that shared IP to you, you should be able to add it as an Other VIP and use it for NAT on both WANs

I suggest using 1.2.1 for all bridging, 1.2 had some bridging related bugs that could cause strange behavior with what you're trying to do.

@slickbackwood: You can turn NAT off in the SYSTEM / Advanced in the Traffic Shaper and Firewall Advanced Area I wouldnt do that. With this you disable NAT but you also disable the firewall function. A better way to do this is to enable "Advanced outbound NAT" (firewall –> nat --> outbound) and delete all rules --> NAT will no longer be applied.

here: http://forum.pfsense.org/index.php?action=search http://google.com http://www.freebsd.org/doc/en/books/handbook/network-aggregation.html

Maybe use a pfsense as a router in front of your devices and depending on what connection you want to use just change the default route.  That way the users gateway for their PC's is static and all you have to do is change the default route and all traffic will flow to that divice or gateway.  You could also use vyatta's opensource router.  I am actually in the process of testing it myself.  Supposedly also has a GUI.

Interesting I have a similar setup but with Cisco routers.  I have wireless bridge and point-to-point T1 between 2 locations with additional T1 for internet.  I could actually get rid of the point-to-point and just do VPN.  In Cisco routers it is OSPF which handles that function.  I do not know if pfSense has support for that yet. http://forum.pfsense.org/index.php/topic,10703.0.html These products can do OSPF.  http://www.vyatta.com/ is based on http://www.xorp.org/ the vyatta has a gui front end which might be better if you prefer that.  This is opensource so you do not need to buy expensive commercial equipment. You could always start a bounty for this feature as I am sure others would really like it and might contribute.  You have nothing to lose in creating a bounty.  ;D  http://www.quagga.net/ can do it but is GPL licensed which some of the devs will not touch.  There is openospfd http://dpw.threerings.net/projects/openospfd/ which from what I can see uses the license that is prefered by the devs here.

If it is version 1.3 your using, reading other threads in http://forum.pfsense.org/index.php/board,49.0.html will help.

@sussox: Ok, now i have checked the above. Filtering brigde is enabled. And all rules are removed on both WAN and LAN. I still see DHCP-ACK in the log of the DHCP-server on the WAN when i renew the lease on the DHCP-client on the LAN. Isnt this strange? This is driving me crazy.. I have it running with a single rule, blocking ANY protocol from the LAN-net to the WAN. But still the DHCP travels the bridge! When i disable the bridge, the DHCP stops working (of course) but when using a filtred bridge with no rules (or a single a block all-rule, like above) DHCP still gets through.. Bug?

sorry for long time not come to this forum… my firewall inteface was set as :- 1. WAN 2. LAN (User in my network use this interface) 3. DMZ 4. SLAN (LAN for server) so.. what you think..

I suppose you use Proxy ARP VIP's. These are not pingable, but they do work. Only CARP type VIP's are pingable, but the VIP has to be in the same subnet as the main-IP of the interface. I understand that you dont want to manage multiple devices, but in this case i strongly recommend that you use the VLAN capabilities of your switch. As it is now you have to use an unsupported way of adding multiple IP's. If you ever have problems you WILL have to dig within pfSense to do troubleshooting instead of being able to work with only the GUI.

link fixed

http://forum.pfsense.org/index.php/topic,7001.0.html Also what are you ultimately trying to achieve?