@UBBERdave:

Thanks - out of interest though, why does packet scheduling not negate this the way I'd expect?

Dave

I have no idea. But my guess is, the packet shaper of pfsense is a whole lot better than of monowall, however, the packetshaper of monowall is a whle lot easier to configure and use. pfsense is a lot more powerful, but kinda complicated for first time users of packet scheduling. AFAIK, only monowall can share bandwidth evenly on a LAN.

slbd

Yes if the nic support vlan switch's
http://forum.pfsense.org/index.php/topic,61.msg3194.html#msg3194

Wow, that is cheap. VLAN capability seems to be what separates the boys from the men, so to speak. The prices tend to jump like crazy.

I actually recommened pfSense in a VM on a Dell desktop for someone recently, and it this option was cheaper than a decent router with VLAN abilities. (And I've convinced it will be more flexible, also) Go pfSense!

@tacfit:

I have a similar problem, but I can't ping either of the routers beyond pfSense. I think I need to re-check my rules though…

I've finally implemented load balancing and failover as in the how-to and… ta-dah! suddenly I can ping and connect to http configuration interface of both router and not only the router attached on WAN if....  ???

sigh :(

Thanks anyway.  ;D

Gateway needs to be in the same subnet.

Yes I already know that, it is working now with configuration of one pfsense, i'm wondering how to configure everything to be working with CARP failover etc..

now i have 1.x.x.2/30 as my WAN address and my public network assinged as other VIPs, then i'm doing 1:1 NAT.

and now how to add 2-nd pfsense box? what ip should i use as WAN address on each pfsense? what ip should i use as WAN CARP ip? can i still use private IPs 192.168.x.x inside my LAN?

edit:
realy? noone knows? :(

I'm pushing to have it changed in a future release to allow policy routing to any address you desire, but no ETA on that. Possibly for 1.3, maybe not until after that.

oh thank you so much pootle. i didn't know that there's 1.1. i downloaded pfsense twice and the only available for download is 1.0.1.

anyways, i tried the 1.2 beta 2. what beta are you using? i hope the beta 2 will be stable although i really haven't used any pfsense yet. i'm a virgin pfsense user  ;D

I know you all are getting sick of my posts.. Figured i would post this to help someone in the future even tho i know it has already been suggessted once before.

One of the machines at are work experiencing the issue, just had a bios update released for the motherboard, so we figured what the hell.  After the bios update, the disconnection issues went away!  So another thing to keep in mind.  Thanks again for all your help fellas

Bit of a silly question, but have you enabled the interfaces as well (I ask because I have forgotten to enable and spent 30 minutes feeling very confused  ???)

I've fixed it again…...

Any more suggestions?

Still not working, even with suggested info.

You would accomplish this with two easy rules, one for each interface.
Simply create a rule something like this:

Proto        Source                    Port    Destination    Port                Gateway
  *      10.10.10.0/24                  *            any          *        Default/wan2/wan3, etc.
          (or just choose lan
      subnet, dmz subnet, etc.)

Proto        Source          Port    Destination    Port                Gateway
  *      192.168.0.0/24      *            any          *        Default/wan2/wan3, etc.
        (or just choose lan
      subnet, dmz subnet, etc.)

Just select which gateway you want the traffic routed through.

I've put back a proper version of the Wiki page - for now…  There's a new Wiki on the way which should stop the spammers I understand.

Version 1.2 is still work in progress btw, so doesn't have all the later info from 1.1

Add them via Firewall, Virtual IPs, go to Firewall, NAT, create a port-forward, pull the proper IP from 'External Address'. Leave the box checked to auto-create the firewall rule.

Hello Bruno,
perhaps you could use IPCOP as Proxy in non-transparent mode, so all http-requests will be guided through IPCOP (You have to set all Browsers in your net to use this proxy), while the rest of IP-Traffic uses the default gateway!?
If your "No-nat-friendly Apps" don't use http, they could work through default gateway without double NAT, if they do, I'm at a loss of ideas here

Schnulch

did you follow the Tutorial ?
http://pfsense.trendchiller.com/transparent_firewall.pdf

After contacting my ISP they revealed that the subnet had been changed on my block of IP addresses to a 25 bit subnet so the problem has been solved by using 24.158.60/25.

Thanks guys.