YEAAAAAAAAAAAAAAAAAAAAA!!!!!!!!!!!!!!!!!!!!!!

thanks to all, specially to hoba.
I solve my DNS PROBLEM, I don't set option Services-> DNS Forwarder -> Enable DNS forwarder

all run ok now

:)

I have the ultimate live-cd version (1.0-RC1) but in this version don't are the new option "USE INTERFACE AS GATEWAY".
I Don't HD and need this option for solve DNS PROBLEM and other bug fixed.

That I can do?

Can't compile new live-cd without this bug?

Tks friends

Loadbalancing requires routing. It doesn't work for transparent setups as it utilizes a gatewaypool.

@hoba:

Actually you CAN do some kind of weighting. Let's say one of your lines is twice as fast as the other you can do that by adding 2 times gateway IP of fast line and 1 times gateway IP of slow line to the pool (you also could do that 5:3 or whatever you like). Haven't tried that myself but heared it was working for someone I asked to try that. Give it a go and report back  ;)

This unfortunately doesn't work due to pf handling route-to's.

"Other" simply accepts the traffic for these IPs where "proxyARP" generates layer2 messages for the virtual IP.

the gateway ip is static.
and pfsense always got the same ip from modem router.

even i try manually set a static ip, the problem persist.

rgds,
rex

Adding this to hostapd.conf should give you what you are looking for. This should work in hostapd 0.4.8 and newer.

rsn_preauth=1
rsn_preauth_interfaces=em0 (layer2 connected interface to talk to other AP's)
The rsn_preauth lines are only for preauthentication of WPA key etc. This provides the client to preauth to the new AP prior to actually associating(romaing to) with the new AP.

iapp_interface=em0 (layer2 connected interface to talk to other AP's)

@hoba:

Not with pfSense 1.0 but a feature like this will be in the next version (not yet implemented).

failover wan won't work unless you have load balanced wan right now.  I might talk hoba into setting this up during our hackathon so we can get this working.

–Bill

@ribes:

@sullrich:

This feature was recently MFC'd and had been forgotten.

If this is a full installtion then issues these commands from a shell to update:

cvs_sync.sh releng_1

Is there a way to try this on an embedded platform?

No, you only could use diagnostics> edit file from the webgui to replace the file the changes were made:
http://cvstrac.pfsense.com/chngview?cn=12705

Yes.  Be sure to visit the faq and query about ftp and such.  There are a few limitations for multi-wan but it should mostly just work.    Sounds like your 3 wan is really just a LAN, btw..  So you may be only needing 2 WAN's.

We do not route either of them from what I know.  At this point you will need to dive into the code and prove me otherwise.  It doesn't work, period.

From the frontend yes and it also is presented this way in the created ruleset, however the roundrobin still is used without weighting. We did some tests with that and billm did some debugging and knows why it is not working. This behavior can't be changed atm.

If you want HTTPS and SMTP on one WAN only make sure it is one of the reliable ones. We don't have interface failover (if WAN dies use WAN2 for example) in pfSense 1.0. This is something that already is worked on in HEAD. The poolfailover however will work.

There are also some (poorly written) webservices that won't work with plain HTTP or other protocols and multiwan. You should add an hosts alias for these destinations to add IPs to when you encounter problems and send these out one of the WANs only by creating a rule for this alias destination.

I don't clame to be the smartest person about OLSR but it sounds like that is a bug….  It shouldn't be adding "distant" routes to your node?

Well I solved the main problem…I guess you can't NAT out the same network that your WAN is for using public IPs on a LAN.

Went ahead and put the LAN on private IP space.

@terminaladdict:

running beta2 on DOM

will the config be seamless?
can I install on another DOM … boot, then load my saved config
I assume the config defines interfaces rules, ipsec settings, static routes .. everything

no idea what DOM is, but you can restore your config.xml from beta2 to a beta4 or RC1 box.  You will want to remove the load balancer config and recreate it.  There were MAJOR load balancer fixes after beta2
Beta 3 summary: http://hitormiss.ucsecurity.com/index.php/2006/04/17/pfsense-10beta-3-is-out/
Beta 4 changelog (on vacation, I didn't write a summary): http://cvstrac.pfsense.com/rptview?rn=24
RC1 changelog (not yet released): http://cvstrac.pfsense.com/rptview?rn=25

–Bill

OK. Just in case anyone does develop something regarding multi-wan FTP, I'm willing to do the tests.

Better yet, create an alias called cannot_balance or something similar and create a rule to force the traffic out a specific gateway.  Whenever you encounter a site that doesn't work very well simply add it to the alias.  Easier than adding rules for every edge case.

Will double NAT not have any latency issue?

One question, I would like to understand the following sentence, which appears on the "Firewall: NAT: Outbound" page.
"With advanced outbound NAT disabled, a mapping is automatically created for each interface's subnet (except WAN)."

Since I haven't enabled NAT at all yet, pfSense is supposed to be generating the necessary mappings. However, pfSense is not supposed to be creating mappings for the WAN interface (as stated in the quoted sentence). But then, how come I can access the Internet via the WAN interface?
That's the only interface where I currently require NAT to function.

By the way, I don't have a router "in front of me". The pfSense firewall is actually "in front of me" and is acting as a router/firewall.
Note that 10.0.2.0/16 and 10.0.3.0/16 are the same subnet 10.0.0.0/16.

Also, I'm not using a DMZ. Hence, I couldn't really grasp what you meant by "Using the DMZ IP for the pfSense WAN forwards everything to the pfSense and you have full controll there.". Can you please elaborate?