Natreflectionm should work for VIPs as well if I remeber correctly. The only situation where it won't work is when using 1:1 NAT.

OK i was wondering if its possible, and that seems to make it so! thanks for your help

@h8r: TCP LAN net 21 (FTP) * 21 (FTP) * Even tried with OPT1, but doesn't work. I followed this advice here http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing#FTP.2FNAT-Reflection_Workaround You quite the right source. just add the rule like described there at the very top of your rules. The rule you created won't help as FTP is not only port 21. Delete this one, setup the rule like described in the docs and reset states (diagnostics>states, reset states) to make sure there are no old states from previous connection attempts.

Yes, I noticed that the GUI was changed. Its nice to stress that in the wiki. Currently load balancing and failover is working very nice. As to the inbound load balancing - I will use dns tricks to check if rl0 is online, if not update the dns records with the alternative lines' IP. Not inbound load balancing at all. I will post here my results. Greets for the nice product!

Nice work, thanks!

@leimrod: It might also be worth noting that pfSense needs to be restarted after implementing this rule for it to fully take affect. At least this was the case with my experience of trying to get FTP working Should usually not be needed. I guess it's a state problem if you tried it just before setting up the rule. In that case a diagnostics>states,reset states should fix it.

Thank you, I'll give it a try.

I've found the error.. Since my WLAN runs over OPT3 but is bridged with LAN I thought it would be enough to simply add the rule(s) for LAN / LAN Net.. Which was not.. I had to also do the same rules for OPT3 as for LAN.. whyever… Thanks

Yes, just create firewallrules at firewall>rules, lan tab that matches the one or the other kind of traffic and use the desired gateway at the bottom of the rule.

I have formatted my configuration and now it's working ! Thanks

Thanks for help hoba!! The problem was resolved … I do SMTP port forward with TCP only and ... get right  :). My MX registry is pointing to my OPT1 (WAN2) interface and now mail server is working correctly. Francisco Ricardo Natal/RN - Brazil

Works like a charm :)  Thanks for your help!!

Dears Hi agian I make this toplology by combine pfsense and mikrotik in one pc (VMWARE) and when I download with accelarator is download from all ip and when download from IE it download from one IP . is this OK and not make problems [image: Drawing1.jpg] [image: Drawing1.jpg_thumb]

Try this solution until PPPoE for Multiwan gets fixed: http://forum.pfsense.org/index.php/topic,3554.msg25298.html#msg25298

That would be my typical luck.  I downloaded the 03/20/2007 version.  :'(  Oh well, at least I can confirm it's fixed and working good in the 03/22/2007 version.  ;)

@zbuzanic: We have 2pfsense PC's and each one has its own WAN. Static routing is engaged, how can I enable access to wan1 on pfsense1 for someone on pfsense2? Becouse it's forcing him to wan2, and I wan't him to redirect to wan1. Maybe I dont understand your diagram, but you might want to try policy based routing.i.e.: If you want to route traffic for 200.20.20.0/24 from the RED firewalls LAN to WAN1 on the YELLOW firewall. Make the first LAN firewall rule source    destination            gateway *            200.20.20.0/24      OPT    (assuming OPT is the interface connected to YELLOW) Then on YELLOW you need to allow the from RED traffic through.

optimally what would be a good firewall ruleset for OPT1 considering it's going to be a DMZ? also, would it be wiser to put it on the NIDS, so i can view the traffic via snort-mysql+base? ez, play0r

I originally did a traceroute through my DSL and was pinging one of the ATT core routers, but they turned off ICMP on me, so now I just monitor the gateway of the PPPoE connection. In my case the WAN is 10.20.30.174 and the gateway is 10.20.30.254. Probably the DSLAM. It's been working fine for me. The new lb code is much easier to figure out- you can just pick the interface from a drop-down and point it to 'WAN gateway' etc. BUT the new code chokes on the PPPoE connection due to the goofy subnet mask… You could probably just use the gateway the cable pulls too, I'm not that familiar with cable tho.

Different ISPs have different settings. Each needs to be evaluated for the best pingable ip. My own ISP does not allow me to ping the DNS servers. Sometimes it blocks pings totally.