I do this with HAproxy - it also supports keeping the original source IP to the destination, I can also terminate SSL/TLS and change ports along the way - very versatile :)

@jenskiebee Bonding can be realized in combination with pfS as today only by a" bonding box" In front of pfS.... Oh boy I can tell you... A f@#&* pain in the ass Sometimes its working sometimes not the speed u get a total other ballgame And a 100+50 is not Givin you 150 its more about a 125 or less I got 2x100 and the best shot was 160... So now we use loadbalance and everyone is happy except the inner nerd ;)

@marvosa Thanks a lot! Now I understood

@halil o kadar konu açıyoruz 1 allahın kulu dönüş yapmıyor .

UPDATE I just hit a tiny snag, it turns out URL aliases can be update once a day at the soonest, unlike DNS based resolution. So, I can either (A) hack some cron job to force updates, although I think these would be resolved quicker because of pgBlockerNG that stores its rules there as well and has a timer to reload them or option B is to set a DNS record or delegation for it. Active Directory delegates DNS Service Discovery (_dns-sd._udp.x.x. awesome way to ditch Avahi) to a macOS-based BIND9 server with dnsextdit's perfect for the job. :D

@webstaff The question is, if your WAN really is going down or if only the monitoring IP does not respond to ping. However, since both WANs with different monitoring IPs are effected, I assume there is something odd with your connection or with pfSense. Possilby it helps to check System > Advanced > Miscellaneous > Skip rules when gateway is down to avoid that the policy routing rule is omitted when the gateway monitoring is failing.

@freak4915 To avoid DNS leaks when using the VPN you have to route the DNS traffic over the VPN. There are two possibilities to to that: Either forward the DNS requests of the respective devices you route over the VPN to a public DNS server, which you route over the VPN as well, or use the DNS resolver on pfSense and direct its whole DNS requests over the VPN. However, the firest one will not work with DoT and none of them works with DoH. For the first method, simply add a port forwarding for DNS traffic to a public server and add a policy routing rule to direct DNS requests to the destination server over the VPN. For the second, restrict the DNS Resolvers outbound interfaces to the VPN gateway group and care that all your devices use pfSense for DNS.

Thank you all for your suggestions, it seems the problems is gone byitself. Hence, I did not poke around as it started working and did not want to break anything as I am all new to pfSense.

@gertjan said in pfSense behind ISP Router: The last (4) rule is an explicit "block everything" Since when is this needed?

@johnpoz thx

Didn't say it didn't have a "modem" in it.. But that is a horrible term to use for something that is more than a modem.. Its not a "modem" its a gateway.. Sniff on pfsense2 wan when you try to access one of your forwarded ports from pfsense1 - do you see the traffic? If so then it would work. Just like any other port forward.

@viragomann This is what I see in my deciso (old firewall) on the netgate (new) I don't see anything ! But I have find the problem ! I need to go in Interfaces/PPPs/Edit and select "Link interface(s)" Now it works !! [image: 1627309282711-image.png]

any help or suggestions here!?

@viragomann Thanks, that was indeed the solution

@nogbadthebad Thanks, much appreciated. Kind regards, jB

Damn, that would be such a nice feature... Thanks for your reply @jimp :)

be a start.. This is really no different then setting up some other vlan/network... Your just not natting it.