Thanks for this post and the reply!! I have been meaning to tackle this for a long time but never got around to doing it until today. I was following the above guide and had everything set up identical to the steps listed, but I was unable to access the Internet from a DMZ machine. I triple checked my rules but everything looked fine and I couldn't figure out why it wasn't working. I was about to post for some help, but after one last check of my settings, I noticed the NAT Outbound tab. I remember back when I had first setup my pfSense (two years ago) that in order to get Hamachi and the KAD Network to connect properly, I had to manually specify outbound NAT rules in doing this, a NOTE under the tab states: If advanced outbound NAT is enabled, no outbound NAT rules will be automatically generated any longer In checking these rules, I saw that there was a rule which was allowing my LAN connection to access the Internet and thus manually created one for my DMZ based off the same rule. This fixed my problem!! So for anyone else out there that is using the Advanced Outbound NAT Rules and trying to setup a DMZ, remember to manually create an OUTBOUND rule for your DMZ to access the Internet in ADDITION to the steps outlined in the Monowall guide. Thanks again

@GruensFroeschli: you add VPN capability not on the interface. there is a seperate section just for VPN. Hmm… I can have only one WAN PPTP or PPPoE not both?

I SOLVED THE PROBLEM. I THINK routing tables was messed up. i just reset to factory defaults and it works fine now. Thanks for your time  :)

I'm sure it can handle it… You'll have to install 3 NIC;   one for WAN (I would use the one from the ISP B)   one for WAN2(OPT1) (this one will have your 8 IPs from ISP A)   one for LAN From that you'll have a default route created by pfSense to allow everything from LAN to WAN, after that you'll be able to configure either NAT Port forward or even NAT 1:1 wich will NAT everithing from one external IP address to one internal IP address. For your LAN to access your servers on OPT1 I would create records that override DNS Forwarder reply to access the server directly through routing. So instead of doing PC1 -> pfSense -> ISP B -> ISP A -> pfSener -> Server it will do PC1 -> pfSense -> Server MageMinds

I don't know if you're still looking to do this, but I made it work … Here is how I built the VPN, I must say that one side was a Linux OpenSwan though. The trick is the remote subnet and local subnet. Even if you put 0.0.0.0/0 in remote subnet, the local trafic will remain inside, because the router seens to assign a higher metric routes for ipsec connections. On pfSense1 you should set the IPSec as follow pay attention to local subnet [image: pfsense1yk9.gif] and on the pfSense2 as follow pay attention to remote subnet [image: pfsense2td3.gif]

Have you tried changing the advanced outbound NAT rules?

Hi hirschma, FTP (outgoing) is work in a multi-wan environment, in LAN interface you checked FTP helper regards, John Nguyen

@hoba: I just set up some testenvironment in my lab and tested this with a failoverpool of wan and opt1, both set to dhcp and it works like a charm. Good job seth! Btw, lot's of people have demanded this feature and now that it is available only that few testers? Come on all you loadbalancing users out there, we need some feedback!  ::)

Eureka! It works! Geez, I will admit my n00bness, thanks all for replying and clearing this all up for me.

Upgrade to 1.2RC1 and see if it goes away. Sounds like some sort of FreeBSD compatibility issue with your hardware, which the newer version may resolve.

The checkbox did the the trick. I didn't read the description right. I thought it was implying if pfSense was doing the routing between the subnets. Yes, I have two WAN connections.

I run two VLANs in one of my installs for management sake. I separate the VoIP and data equipment with VLANs. The VLAN's are managed by a Layer 3 switch which handles routing between the VLANs. pfSense is connected to the Layer 3 switch and thus all networks can be seen through that single interface. If you do it this way make sure you set up static routes between pfSense and the Layer 3 switch and also choose the firewall bypass option for static routes in the Advanced page.

I have one installation with 1Mb + a 256k links. To increase the load on the 1Mb link I added an additional monitor ip with the same gateway and worked great.

It worked !!! Thanks a lot  :)

something to try, on the Advanced page, disable the firewall. Does it work then? If not, the problem isn't firewall rule related. If it does work without the firewall can you post screenshots of your firewall rules?