What i would do: 1: Disable the ftp-helper on all interfaces. 2: Define a port-range on your ftp-server for the data-transfer. 3: forward port 21 and your data-transfer-range to your server. You can do that for each WAN. After this you should now be able to access your server from both WANs. –> A friend is running his ftp-server like this right now.

Not possible as of now, but might be. See my post here: http://forum.pfsense.org/index.php/topic,10833.msg60334.html#msg60334

When a link goes down, traffic will still go out over the link that is up. A static route is automatically installed for the monitor IP. So the pings will go out the correct interface.

Too tired to explain :) But it's how I do it. [image: HTPC_Rules.JPG] [image: HTPC_Rules.JPG_thumb] [image: opendns.JPG] [image: opendns.JPG_thumb] [image: StaticRoutes.JPG] [image: StaticRoutes.JPG_thumb]

yes it is supported. each firewall rule can have a gateway specified.

In order to use trafic shapping you would have to place the proxy in between the pf1 and the pf2. I would use ubuntu server with latest squid. SP1 –-- WAN1 ----                           |                Ubuntu Server                           |---- PFSENSE 1 ----- PRIVATE SUBNET 1 ----- PFSENSE 2 ----- PRIVATE SUBNET 2 ----- USERS                           |                                | ISP2 ---- WAN2 ----

I recommend always using the WAN interface as the interface containing the system's default gateway. That may mean you'll have to shift things around and put the WAN on your LAN, but that's the way to do it. There are areas of the code that can break your gateway when you rely on defining it in this manner. Just move WAN to where your default gateway is.

This is semi-related to this issue, added a link here so we'll look into this as well when we're looking into that one. http://cvstrac.pfsense.org/tktview?tn=1726,33

There is a feature request open on it. Doesn't mean it'll ever be implemented, but it is something we would like to have. No work being done on it at this time. Feel free to start a bounty if you would like to contribute towards this development (if someone agrees to do it).

Because when you direct traffic to a failover pool, it bypasses the normal routing table. Thus the traffic destined for the FTP helper will get shot out to the balancer pool and won't reach loopback.

I'm not really sure what I did wrong, but decided to start again from a virgin install.  Now it seems to work OK.  I must have fat fingered something non-obvious the first time 'round.  I'm using this version: 1.2.1-TESTING-SNAPSHOT built on Sat Jul 19 07:13:48 EDT 2008 Best,

@oracleofmacon: I also have written a rule concerning the WAN interface to pass any to any with any protocol. This should open me up. You probably don't want to do that. You only need rules on the WAN tab for services on the LAN, etc that you want to be open to the Internet. Say a web server. If you create a port-forward, these will be auto-created. As for LAN working and not the OPT interfaces- check your NAT, Outbound. If you have enabled AON, you need to copy the auto-created rule, changing the subnet to the subnet of the OPT interface. The firewall rules on your OPT interfaces should be similar to the default LAN rule, but with OPT1 subnet instead of LAN subnet, etc.

http://pfsense.trendchiller.com/transparent_firewall.pdf  might help

It is connected to the 2nd DSL modem and I'm using a straight cable for this, same with my other pfSense boxes. It is the same cable I used for the 2nd pfSense box that serves as our manual failover (I know it's an ugly backup)

i solved my problem putting a router befor my wan2 nic. the problem seems policy based routing and the routing table even if i have a rule in my lan tab on the firewall, Proto  Source  Port  Destination  Port  Gateway *        Notranji  *      *              *    x.x.x.161      (Notranji is an alias for all my servers internal ips) all the traffic that should go to isp2 is not routed by this policy but according to the routing table, here is mine before putting the router inforont of WAN2 nic Internet: Destination        Gateway            Flags    Refs      Use  Netif Expire default                    x.x.x.161    UGS        0      165    vr0 x.x/16                link#1            UC          0        0    rl0        <–here all my trafic is routed to the WAN2 gateway but according to my LAN rule it x.x.0.1        00:90:1a:a0:14:01  UHLW        1    1533    rl0    121                                        should go to WAN1 gateway localhost          localhost          UH          0        0    lo0 192.168.0          link#2            UC          0        0    re0 192.168.0.3        00:01:6c:af:04:ed  UHLW        1      508    re0  1162 192.168.0.21      00:17:08:37:a1:f3  UHLW        1    23638    re0  1176 192.168.0.26      00:19:db:c8:68:a9  UHLW        1    7108    re0  1123 192.168.0.27      00:18:8b:7e:e7:a3  UHLW        1    10306    re0  1199 192.168.0.31      00:19:db:d5:aa:15  UHLW        1  375631    re0    898 192.168.0.40      00:1d:92:01:f4:f7  UHLW        1    2617    re0    932 192.168.0.52      00:01:6c:3c:fd:12  UHLW        1      803    re0  1176 192.168.0.86      00:0f:fe:3f:02:5c  UHLW        1    7580    re0    955 192.168.0.90      00:13:d3:d6:55:bb  UHLW        1    19875    re0  1195 192.168.1          link#3            UC          0        0    re1 192.168.1.3        00:14:2a:2b:0b:cb  UHLW        1    4439    re1    949 192.168.1.5        00:11:5b:ef:6e:6f  UHLW        1    9650    re1    969 192.168.1.132      00:12:a9:56:1a:76  UHLW        1    3830    re1  1134 192.168.1.137      00:13:e8:75:3c:79  UHLW        1    6254    re1  1196 192.168.1.148      00:16:ce:20:10:44  UHLW        1    24456    re1  1101 192.168.1.150      00:18:de:0f:9c:1c  UHLW        1      542    re1  1119 x.x.x.160/27              link#4            UC          0        0    vr0 x.x.x.161                  link#4            UHLW        2    2923    vr0 x.x.x.162                      x.x.x.162    UH          0        0  carp0 x.x.x.163                      x.x.x.163    UH          0        0  carp1 x.x.x.164                      x.x.x.164    UH          0        0  carp2 x.x.x.165                      x.x.x.165    UH          0        0  carp3 is there another way to solve this, coz I'm planing to have some more IPs from the other isp? thanks

please check this thread out http://forum.pfsense.org/index.php/topic,10069.0.html

ermal, I'm confused. What information do you need that is not in the thread? I think we've been really descriptive.

@GruensFroeschli: Can you show a screenshot of your OPT-setup-page? What you describe is what happens if you dont set the gateway on this page. Are your gateways all in the same subnet? I am not sure why, but I just decided to re-install onto the hard drive and try from scratch.  Now things are working as expected.  Gremlins?  I am testing it now. Best,