You only were referring to the wifi clients accessing the dsl modem in your previous posts. Actually a lot a whole bunch of routes is needed at pfsense1, pfsense2 and the DSL modem if the Modem should be accessable from everywhere.

add the routes you need at system>static routes.

Thanks for letting me know what truely was the limitation on DHCP. I assumed it not working was deeper than the problem of always having your gateway address change. Everything appears to be working great now. and time to start digging/tweaking some of the other features.

-Phatty

Hi again,

There are some problems with the Squid package (or maybe not) and probably the inerent rules it creates (that I don't know how to see them).

To have access from a workstation to the Net (HTTP, HTTPS, FTP) with or without Squid I had to:

1. configure Squid in transparent mode (still I can use it manually by chosing de IP from pfSense and the port 3128 (I usualy chnage the Squid port to 3328).

2. Service -> Squid ->Network Access Control - Allowed Subnets -> 192.168.1.0/255.255.255.0

3. Edit /usr/local/etc/squid/squid.conf and change the line "http_access deny !pf_networks" to "http_access allow pf_networks". This was the only way I found to get HTTPS and FTP, besides HTTP, working under Firefox with a manually configured proxy.

I don't know if this helps anyone or anyone can help me.

Best Regards,
Joao

thanks !

Able to open incoming connection from internet to lan for spesific port via Port Forward and NAT 1:1 via WAN interface.

Some questions:

FTP download is very-very slow on WAN interface from internet (already open TCP FTP and TCP 55000-60000 for Passive FTP). Unable to ping the OPT1 interface from any (already open ICMP connection to it's IP). Unable to ping virtual IPs on OPT1 interface from any (already open ICMP connection to it's virtual IP).

Userland applications on FreeBSD are not multi wan capable (in a nutshell).

The reason we get multi-wan in pf is because pf bypasses the internal routing table in this case.  So when we redirect FTP to userland, we loose multi wan capabilities.  Same holds true for squid as well.

@sullrich:

Its built into slbd, but without the static routes its pinging out the primary wan, which is most likely up.

I have created a gateway pool (which is running ok), but slbd never started up.
I tried to launch it myself (without any argument) and it's running, but I don't think it is checking anything about the gateways.

I can read this in the LB log tab :

Mar 14 21:56:29 slbd[4556]: Using r_refresh of 15000 milliseconds
Mar 14 21:56:29 slbd[4556]: Using configuration file /var/etc/slbdcap

Unfortunatly

/var/etc/slbd.conf is empty
/var/etc/slbdcap doesn't exist .

@sullrich:

Do this from a shell:

touch /var/etc/use_pf_pool__stickyaddr

It will use sticky address once the daemon is restarted.

Sorry, I read it on the board a few days ago, but thought it was a server loadbalancing trick :)
I will give it a try ! Thanks

I <3 u! ^_^

whoops, missed that one, sorry.

Now my Provider has confirmed that the subnetmask of 255.255.255.248 was and will
correct assigned by the dialin router/server on provider side.

Meanwhile my pfsense works with the mask 255.255.255.255 correct - mean
the public ips on the bridged interface are working.

'Thanks

Hi All,

I have been attempting to successfully configure Dual WAN connections to my PF Box. I have tried unsuccessfully for 4 months using every possible combination that I can find in the Forums and in Tutorials and WIKI and think of and I have not been able to get Dual WAN to route traffic correctly. Even in the Dual Wan configuration, only WAN1 passes traffic in both directions.

Setup:
LAN 1 IP: 192.168.1.1 (Default)
WAN IP:  172.16.10.0
ROUTER1 IP: 172.16.10.0 ADSL: STATIC IP
OPT1 IP: 182.165.20.0 (WAN2)
ROUTER2 IP: 182.165.20.0 ADSL: STATIC IP

The PFSense Box is NOT running as pppoe.

ROUTER1 & ROUTER2 Configured to authenticate and NAT. If either are connected directly to a PC or Network, Traffic flows perfectly. With every attempt WAN2 ROUTER2 does not pass traffic through to ISP. I can ping the Router2 Ethernet Address, but not the ROUTER STATIC IP when WAN is disconnected.

If WAN is connected to ISP and WAN2 is connected I can Ping the ROUTER2 STATIC IP and when doing a tracert its path goes through WAN1 and ISP account and back tracks to the ROUTER2 on the Internet side. If the ROUTER1 is Disconnected ROUTER2 Ethernet IP Can be pinged but No traffic is transferred and the Statci IP is unreachable. I looked at the Firewall Log but nothing unusual shown.

For one brief moment after a new install Beta2, I was able to ping and tracert ROUTER2 Direct without going out to the internet. But as soon as I disconnected ROUTER1, ROUTER2 was unreachable. After a restart, neither Router1 or 2 passed traffic and a format and reinstall was necessary to enable traffic flow.

I know that I must be missing something during the configuration that others are doing out of habit and not thinking to record the action. I have followed everything exactly and still dual wan / load balancing does not work for me.

I dont know if others are having as much trouble as I am settinh up Dual Wan, but I would dearly like to see incorporated into PFSense a wizard to suit multiple config setups. EG: Select MultiWan, Failover, Carp, Load Balance etc during the initial setup so that it becomes fool proof and in the end a fully configured PFBox as the users needs. Just enter the details of the IPs of LAN / WAN / OPT1 / OPT2/ ETC and GW's and if it requires Load Balance.

What am I doing wrong. CAN someone Please HELP?

Kindest Regards,

Craig Roy.

Prob fixed.
I bridged the Lan to Wan and assign the first ipadress (Wan IP) on the Lan nic too.
Now the static ips being routed.

did like You wrote,

ping from LAN A to 10.x network is ok
ping from LAN B to 10.x network destination host unreachable.

i'll ask cisco gui to check routes also

Slightly offtopic in the same vein, anyone here have experience with OSPF on FreeBSD, in relation to pfSense I'm curious as to the difficulty level of whipping up a quick interface to it.

(As though there is such a thing.  OpenVPN should teach me better than that….)

check out this article from the wiki: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing
you basically have to modify the rules and create rules for different traffic (like destination any ip port 25) and select the appropriate gateway at the bottom of the rules page of each rule. the loadbalancing pool is optional. you can skip this part from the wiki for what you want to do.

okay thanks, now the box is running already for 2 days… :)

i am getting back to my firewall project.  what is "next hop gateway (router) IP addres"? 
i think that the answer is the IP address of either the aDSL or the cable modem.  The gateway shown by the interfaces page for the aDSL is a 10.x.x.x and its ip is 70.x.x.x(the interface page also lists DNS servers, curiously it shows 192.168.1.1 which is the ip address of LAN, why?).  For the cablem modem the interface page shows an ip address but no DNS servers.

i want Lan1 and the DMZ to be assigned to the aDSL connection and the Lan to be assigned to the cable modem.  in the box that asks for "the next hop gateway (router) IP addres" what do i enter there?