@ribes: @sullrich: This feature was recently MFC'd and had been forgotten. If this is a full installtion then issues these commands from a shell to update: cvs_sync.sh releng_1 Is there a way to try this on an embedded platform? No, you only could use diagnostics> edit file from the webgui to replace the file the changes were made: http://cvstrac.pfsense.com/chngview?cn=12705

Yes.  Be sure to visit the faq and query about ftp and such.  There are a few limitations for multi-wan but it should mostly just work.    Sounds like your 3 wan is really just a LAN, btw..  So you may be only needing 2 WAN's.

We do not route either of them from what I know.  At this point you will need to dive into the code and prove me otherwise.  It doesn't work, period.

From the frontend yes and it also is presented this way in the created ruleset, however the roundrobin still is used without weighting. We did some tests with that and billm did some debugging and knows why it is not working. This behavior can't be changed atm. If you want HTTPS and SMTP on one WAN only make sure it is one of the reliable ones. We don't have interface failover (if WAN dies use WAN2 for example) in pfSense 1.0. This is something that already is worked on in HEAD. The poolfailover however will work. There are also some (poorly written) webservices that won't work with plain HTTP or other protocols and multiwan. You should add an hosts alias for these destinations to add IPs to when you encounter problems and send these out one of the WANs only by creating a rule for this alias destination.

I don't clame to be the smartest person about OLSR but it sounds like that is a bug….  It shouldn't be adding "distant" routes to your node?

Well I solved the main problem…I guess you can't NAT out the same network that your WAN is for using public IPs on a LAN. Went ahead and put the LAN on private IP space.

@terminaladdict: running beta2 on DOM will the config be seamless? can I install on another DOM … boot, then load my saved config I assume the config defines interfaces rules, ipsec settings, static routes .. everything no idea what DOM is, but you can restore your config.xml from beta2 to a beta4 or RC1 box.  You will want to remove the load balancer config and recreate it.  There were MAJOR load balancer fixes after beta2 Beta 3 summary: http://hitormiss.ucsecurity.com/index.php/2006/04/17/pfsense-10beta-3-is-out/ Beta 4 changelog (on vacation, I didn't write a summary): http://cvstrac.pfsense.com/rptview?rn=24 RC1 changelog (not yet released): http://cvstrac.pfsense.com/rptview?rn=25 –Bill

OK. Just in case anyone does develop something regarding multi-wan FTP, I'm willing to do the tests.

Better yet, create an alias called cannot_balance or something similar and create a rule to force the traffic out a specific gateway.  Whenever you encounter a site that doesn't work very well simply add it to the alias.  Easier than adding rules for every edge case.

Will double NAT not have any latency issue? One question, I would like to understand the following sentence, which appears on the "Firewall: NAT: Outbound" page. "With advanced outbound NAT disabled, a mapping is automatically created for each interface's subnet (except WAN)." Since I haven't enabled NAT at all yet, pfSense is supposed to be generating the necessary mappings. However, pfSense is not supposed to be creating mappings for the WAN interface (as stated in the quoted sentence). But then, how come I can access the Internet via the WAN interface? That's the only interface where I currently require NAT to function. By the way, I don't have a router "in front of me". The pfSense firewall is actually "in front of me" and is acting as a router/firewall. Note that 10.0.2.0/16 and 10.0.3.0/16 are the same subnet 10.0.0.0/16. Also, I'm not using a DMZ. Hence, I couldn't really grasp what you meant by "Using the DMZ IP for the pfSense WAN forwards everything to the pfSense and you have full controll there.". Can you please elaborate?

Routing is done via firewall rules (policy routing).  So I don't see why not.  Check out the multi WAN tutorial and how-to's on the website.

http://faq.pfsense.com/index.php?action=artikel&cat=1&id=162&artlang=en&highlight=disable%20nat

Firewallrules will only let the traffic through you specify, so no, unless you set it up wrong it won't route the whole internet ;-)

If this server is accepting natted connections from the outside it will stay on the wan the connection was established. To make sure any other traffic from this IP will always run on a specific WAN create a pass rule with source <ip-gameserver>port <any>destination <any>port <any>gateway <preferred wan="">You can add those rules depending on püort, destination, source….the gateway specified is the WAN that will be used outbound. This way you can send specific traffic to WAN1, other traffic to WAN2 and the rest loadbalanced between WAN1/WAN2. Make sure you have correct order of the rules as the rules are applied on a first match basis.</preferred></any></any></any></ip-gameserver>

@hoba: I'm not sure if this will show up there if you use a mode other than accesspoint. I assume that you didn't believe me when I said that my WISP is broadcasting it's MAC addresses. However you can check it here on this link www.panonnet.net/ Please click on 'MAPA' at the bottom of the page.

Ah, damn, I feel like a dumbass. I don't need to be up this late, haha. Network 192.168.0.0 is on a router on the LAN interface. The LAN interface network is 10.0.201.0

Dear Group, I appreciate your help, I am still having the same issue I can't seem to resolve, duplicate SYN ACKS  ??? Anyway my rules could be at fault ?

@vd: Thanks for you answer. I really thought that pfsense could be a solution for my problem. What a pity. Thanks anyway Regards Vincent Replace the watchguard with pfsense? –Bill

Ok, a lot of thanks  ;D