Are you running the torrent VM on your inside network?  I assume you are.

Where are you trying to access it from?  Other machines on the inside network don't need to go through pfsense.

If you are accessing ffrom the internet then you need to forward on the router (if it is NATing) and on pfsense.

Okay, Well….

I figured it out. I just had to add an outbound NAT rule and it is working 100%

Not sure if its working as intended but my problem is solved so I am happy.

It will work if manually editing and uploading the config.xml and not touching that pool from the webgui I think.

So I understand it's fixed now?

HI,

I assume your talking about the link for pfsync? Yes that would just be a crossed cable.

I was meaning a switch on each cat5 cable provided by the ISP. I would need that so I can connect 2 different fw hosts ethernet ports to the one cable. The bit they recommend was to make sure it has STP and then connect the 2 switches together. That would give the additional resilience (cable A fails, and both ethernet cards on the posrts connected to switch B fail - routing can happen via switch on a, through to B then on B's uplink - A somewhat extreme when I think about it).

HI Sai,

when i  only use NAT on WAN Interface ( 1st WAN) i can not access to internet when 1st Wan unpluged ( down)

But when i add more NAT rule as i did then  i can access internet if 1st wan or 2nd wan down.

I don't know why ? I will will see it later

BTW thanks Sai

@superwutze:

i tried rules pinning the dns-server-requests to the correct gateway but to no effect. also not having load-balancing is very important for me.

You need to use static routes, not firewall rules for the DNS resolution.  Firewall rules only work for traffic coming from one of the interfaces. DNS resolutiuon is generated by the firewall itself so firewall rules do not work.

If you use a recent snapshot ( snapshots.pfsense.com ), you can have loadbalancing with failover behaviour, n(as opposed to roundrobin behaviour) . This means that trafic is only sent to the backup WAN if the main one fails.

Should be fairly simple. If it does not work post your firewall rules and your load balancing setup.

FTP problem solved! Well, simple answear would be much more time saving for me…

So everyone who need help with FTP issues, here are simple steps to get it work (both passive and active modes works).
From the web GUI:

1. Fire Wall -> NAT: add standard FTP rule, in my case:
WAN  TCP  21 (FTP)  10.1.1.xx (ext.: 212.xx.xx.xx)

2. Fire Wall -> Rules: Beside the automatic rulles created by pfSense add one more.
TCP  *  *  127.0.0.1  8000 - 8020  *  (permitted traffic to 127.0.0.1 on ports 8000-8020)

3. Interfaces -> LAN: Ensure that the FTP helper box is NOT checked.

4. Interfaces -> WAN: Ensure that the FTP helper box is NOT checked.

Knowing this I could save a lot of time, irritation and head acke. I hope this info help other users!

Reference:
http://wiki.pfsense.com/wikka.php?wakka=FTPTroubleShooting

ok..thank for help..now i no set the VLAN 1(pfsense ) and the cisco (still maintain same VLAN 1) for trunk and straight ok ..thanks a lot..

I would think you would want to put this in the config.xml.
http://faq.pfsense.org/index.php?action=artikel&cat=10&id=38&artlang=en

There's an option for an early shell command. This may be what you need.
Basically, you'd have to download the config, edit the xml to add the entry to run your shell script, then restore the modified xml. Good luck.

ok thanks hoba, now works, sorry for this, noob question  ::)

You don't need 3 boxes. Unless you find something that's specifically a "bandwidth splitter" to use in one of those places. One pfsense install could replace all 3 of those boxes in the diagram, with some caveats.

You can do policy routing based on protocol from L4 information, but some protocols are going to be difficult to route based on that because they use so many ports, like Bittorrent.

"large file transfers" don't look any different at L4 than small file transfers with the same protocol, so that may be a problem.

"anything else that would 'clog' a regular single-ip connection" - basically impossible to detect at L4, at least as far as policy routing is concerned.

Some of what you're describing would work fine on pfsense, other things would be difficult to do well with any device, though some pricey enterprise class routing/load balancing equipment may be able to tackle it all.

Firewall Rules, LAN. Before the 'Default LAN Any' rule add something like:

Just occured to me, you might also need to add an advanced outbound NAT rule depending on what you want to do. Something like:
WAN2 local IP * * * (specific WAN2 IP) *

Thanks hoba!

@hchady:

create aliases for each of your new subnet, the add a firewall rule to pass the trafic, and NAT rules also if you want to route these subnet to your WAN IP

I'm afraid I don't understand.

Aliases in PFSense appear to make word references to hosts, subnets or IP addresses, not a traditional IP Alias.  It says in other posts to use Virtual IPs.

http://www.mail-archive.com/support@pfsense.com/msg07105.html

I should not need NAT in order to create real routes.  I have NAT disabled in my DD-WRT unit.

Thanks.

1. i dont know why exactly it might not work with VmWare but i already had some problems with VmWare and Network and always solved them through putting the tests on a dedicated machine ^^"

2: do you mean your DHCP-clients behind PfSense should get the DNS entries?
the option in the post above only makes PfSense aware of the Servers.
If you want the Clients to have the entries too you have to change your DHCP-Server Config.
If there are no entries in the config, the DHCP-Server sends your Clients the IP of Pf itself and Pf acts as a DNS forwarder

Make sure you are running one of the latest snapshots. What version are you testing with?

Update on the problem. I found out that I can switch ports and the internet for that ISP will start working for me for a while, after that it fails and I have to switch ports. Anyone have any idea what could be causing this and how to fix it?

Natreflectionm should work for VIPs as well if I remeber correctly. The only situation where it won't work is when using 1:1 NAT.

OK i was wondering if its possible, and that seems to make it so! thanks for your help