Try upgrading and redo the load balancing pools.

If I understand you right xplozia, then you can do this with pfSense - see here http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing for load balancing, with this set up you can also make particular traffic (to an internet server, or from a local server) favour a particular connection. Note that to get this you need the 1.0.1 iso disc, and then update to mid jan or later snapshot - I'm currently running on 9th Feb snapshot which works mostly OK for me.

I don't want to open new topic, so: We have one pfsense machine 10.111.0.x with wan1, and that machine is connected to another pfsense (10.111.12.x) with wan2. Is it possible to connect those two WAN-s somehow? And if yes, where should I look for some tutorial. Thnx

1. Sure it matters.  Linux howto's don't generally apply to FreeBSD unless you using linux emulation, etc. 2. Good job.  I have given you my standard canned response because what your doing is outside of normal pfSense support.

Please try the latest snapshot. The ping issues are fixed now too.

This won't work for static IP configurations. You really should test the lates snapshot. The timeouts have been raised to make links go down not that fast.

well guys (girls) Pfsense is running a 50 user companys internet load sharing on a 1ghz pIII 256 ram 3 nics and Hd When properly configured it blows away what the little and very expnsive previous firewall $0n!c W@ll i am not by any means knocking the $0n!c W@ll but this is far superior. thank you for all your help and hope to see you in the future!!!!!!

You need to add a rule on the LAN NIC. 1. Firewall/Rules/LAN. 2. Add new rule. 3. Interface: LAN. 4. Protocol: TCP. 5. Source type: LAN Subnet 6. Destination port range from: HTTP. 7. Gateway: OPT1-OPT1. 8. Save. 9. Move rule to top. 10. Apply changes. 11. Wait couple of seconds. 12. Try to browse to http://www.whatsmyip.net and see if it shows you correct ip address.

Only traffic running through the pfSense will be balanced. The pfSense itself will always only use the default gateway or what's in the routing table.

TCP  LAN net  *  *  80 (HTTP)  WAN2 Allow WEB (HTTP)

It was just a positive comment. After a long time dealing with this problem, probable I don't make much sense anymore  ;D

The diagram: http://shevah.us/OfficeLANv2-censored.png

ok. so, i have asked the network admin whether he created vlans on the switch for each subnet with regards to the previous NAT server. Actually, he didn't. He just created the 2 subnets from the NAT server, which is Windows 2000, trunked to one interface and didn't do anything with the switch.  On the Windows server, he first entered an IP which is 192.168.2.1/23 and added another IP for the same interface which is 192.168.3.1/24. The result are two subnets that can route data to each other. I wish I could do the same with pfSense. Thanks

Trafficshaping is currently only supported between 2 interfaces at least when using the wizard. Everything else (creating your own trafficshaping from scratch) is highly experimental and you really have to know what you are doing to make it work.

I would expect that the linksys works in the same way as the pfsense in that it can work WITH a VLAN, but not actually set up a VLAN. Read up on VLANs.

the standard workaround for dynamic ip addresses is to put in a simple (maybe Linksys) router in front of the pfSense. You might do a traceroute and pick the next hop as a gateway.  it might work. Dynamic gateways! wow. what will ISPs think of next to hassle us?

Did you create firewallrules to let the traffic pass? Can the clients from the opt subnet get out to the internet?

Bridge the port you want to use for the Voip, to the port that has your hub on it.

I would recommend getting another subnet for the second ISP too. There are DNS-services that can check servers for responsability and switch the nameresolution to different IPs if the main IPs are not working anymore. This way clients would get the IPs of ISP2 resolved if ISP1 goes down. You even could do a loadbalancing between both ISPs this way. There are DNS-services supporting this too. I know scott is working on a dns-package for pfSense doing things like this. Afaik it's nearly done.