Thanks for the replies… I already have the firewall rules configured so that port 443 traffic will always go through WAN1, and that seems to be working fine (and it's one of the only services that is). I'll test out that patch as soon as possible, however it probably won't be until the weekend (the nearest time that no one will be using it).

Thanks!

this mean no authentication?

any possible to enable the authentication using radius server?

No, sorry, the anyway means its me not understanding it!

Oh i see, yeah for some setups it is useful.

Kinda resolved.
After deactivating SIP on the CP IF, i added 224.0.0.1 to "allowed ip address" rules in the captive portal config. Now the icmp router advertisment is no longer blocked by the CP.

Cheers,
Eskild

Hi

I hope this patch work with failover and 1.2 release
I will test soon !!
I can't wait for 1.3 sorry

THx

Traceroute from LAN_1G (OPT1)
Note that it appears three times

dreamnid@agentx:~$ tracepath zackfasel.com    1:  agentx.local (10.20.5.3)                              0.171ms pmtu 1500 1:  10.20.5.1 (10.20.5.1)                                  0.524ms 1:  10.20.5.1 (10.20.5.1)                                  0.475ms 2:  10.20.5.1 (10.20.5.1)                                33.050ms 3:  gig1-3.rochnybtn-rtr01.nyroc.rr.com (24.93.0.221)    33.259ms 4:  srp7-0.rochnymth-rtr03.nyroc.rr.com (24.93.3.119)    33.714ms 5:  srp3-0.rochnymth-rtr01.nyroc.rr.com (24.93.3.177)    32.491ms 6:  so-0-2-2.syrcnycsr-rtr03.nyroc.rr.com (24.92.224.173)  35.512ms asymm  7 7:  te-3-2.car2.Cleveland1.Level3.net (64.156.66.41)      54.347ms asymm 16 8:  ae-11-11.car1.Cleveland1.Level3.net (4.69.132.197)    54.681ms asymm 15 9:  ae-4-4.ebr1.Washington1.Level3.net (4.69.132.194)    55.968ms asymm 14 10:  ae-2.ebr3.Atlanta2.Level3.net (4.69.132.85)          73.618ms asymm 15 11:  ae-7.ebr3.Dallas1.Level3.net (4.69.134.21)            93.455ms asymm 16 12:  ae-83-83.csw3.Dallas1.Level3.net (4.69.136.162)      85.446ms asymm 17 13:  ae-4-99.edge3.Dallas1.Level3.net (4.68.19.200)        86.994ms asymm 19 14:  te7-2.cer01.dal01.dallas-border.com (4.71.198.18)    87.819ms asymm 22 15:  po55.fcr03.dal01.dallas-datacenter.com (66.228.118.182)  87.324ms asymm 22

Let me know if you need anything else.

Thanks!

http://forum.pfsense.org/index.php/topic,7001.msg39657.html#msg39657

i have setup the wans but the internet is very slow through the pfsense

i have three wan with 1024 each but it only giviing me 30 to 50 kB

So the answer is.. it doesn't work till someone creates a module..

Bare in mind again I am talking about outgoing ftp.. but I did read the part that said only works on primary WAN.

You simply need to reverse the gateways in the failover group.  Make sure the type is set to failover and not load balance.

Also, you should be on 1.2-RC4 if you are not already.

This issue is now solved..
It was the Captive portal that was enbled on the interface..  ;D

/MartOn

Search the forum.
This has been covered multiple times and there are quite a few guides on how to setup VIP's

1. Create a VIP on your WAN interface with the public IP.
2. Forward the ports from the VIP to your server

done

You are aware that yy.yy.yy.83 is a Public IP ? I can't see with that link I can create that ?

That's why you should use a VIP.
If it where a private IP you could just simply route it.

@DWAyotte:

Anyone know of any utility or method to test a few thousand states (preferably 10,000)?

Thanks :D

Yeah somebody on my network had loaded this Weather Watcher program. The program must of have been a zombie for a DoS attack as a couple weeks ago on Friday morning the network just went down. I pulled up the pfSense router webgui, which took forever to load, and the states were pegged at the 10k max. It was making thousands of requests to weather.com.

Why dont you just try it?
If it's not working i'm sure someone might help you.

Yes. If you want to reach another subnet behind a router on NIC2 then yes you need to add a static route.

GruensFroeschli…. you are a tonic for my befuttled brain.  That worked!  :)

Still not sure that I fully understand it but let me digest it here a bit and I will follow up here with some closing comments.

Thanks again to everyone who assisted.... I really appreciate it.