@nicklas-0 Since your router sends packets destined to B to the ISP gateway, it's on the ISP to route them forwards properly. And since A and B are within the same ISP network, it might be one of his devices where the packets get stuck.

@cerberus2022 IPSec can be set up in one of two modes. The more common mode is "policy-based IPSec", where you have to configure a phase 2 for each subnet pair you want to connect. However, if you have your subnets sequentially (10.26.1.0/24, 10.26.2.0/24, 10.26.3.0/24) you can also embrace all using a suitable larger mask. This mode can be used on most IPSec capable devices. The other mode is "routed IPSec", where you get a virtual gateway IP, to which you can route the respective subnets to the other site. The only drawback of IPSec is, it cannot be used to forward public traffic to a server at the other site, if you intend to do that.

@gregorywest said in Dynamic URL routing from WAN to LAN: Is it possible for PFSense to take the incoming URL and use it to route traffic to a particular server? What I am looking for is external WAN clients hitting the firewall with something.myurl.com routed to server2, and other clients coming into somthingelse.myurl.com to be routed to server3. Both of these routes might or might not be using the same IP Ports, so using 'port forwarding' would not work. Is something like this even possible? Do you have (or can order) multiple "Public ip addresses" for the firewall : And then assign different ip's to : something.myurl.com and somthingelse.myurl.com Would make your life much easier. Remember that w. some of the mentioned programe. Ie. FTP the client might not even xfer the url , just resolve locally , and connect to that "remote ip". /Bingo

I do this with HAproxy - it also supports keeping the original source IP to the destination, I can also terminate SSL/TLS and change ports along the way - very versatile :)

@jenskiebee Bonding can be realized in combination with pfS as today only by a" bonding box" In front of pfS.... Oh boy I can tell you... A f@#&* pain in the ass Sometimes its working sometimes not the speed u get a total other ballgame And a 100+50 is not Givin you 150 its more about a 125 or less I got 2x100 and the best shot was 160... So now we use loadbalance and everyone is happy except the inner nerd ;)

@marvosa Thanks a lot! Now I understood

@halil o kadar konu açıyoruz 1 allahın kulu dönüş yapmıyor .

UPDATE I just hit a tiny snag, it turns out URL aliases can be update once a day at the soonest, unlike DNS based resolution. So, I can either (A) hack some cron job to force updates, although I think these would be resolved quicker because of pgBlockerNG that stores its rules there as well and has a timer to reload them or option B is to set a DNS record or delegation for it. Active Directory delegates DNS Service Discovery (_dns-sd._udp.x.x. awesome way to ditch Avahi) to a macOS-based BIND9 server with dnsextdit's perfect for the job. :D

@webstaff The question is, if your WAN really is going down or if only the monitoring IP does not respond to ping. However, since both WANs with different monitoring IPs are effected, I assume there is something odd with your connection or with pfSense. Possilby it helps to check System > Advanced > Miscellaneous > Skip rules when gateway is down to avoid that the policy routing rule is omitted when the gateway monitoring is failing.

@freak4915 To avoid DNS leaks when using the VPN you have to route the DNS traffic over the VPN. There are two possibilities to to that: Either forward the DNS requests of the respective devices you route over the VPN to a public DNS server, which you route over the VPN as well, or use the DNS resolver on pfSense and direct its whole DNS requests over the VPN. However, the firest one will not work with DoT and none of them works with DoH. For the first method, simply add a port forwarding for DNS traffic to a public server and add a policy routing rule to direct DNS requests to the destination server over the VPN. For the second, restrict the DNS Resolvers outbound interfaces to the VPN gateway group and care that all your devices use pfSense for DNS.

Thank you all for your suggestions, it seems the problems is gone byitself. Hence, I did not poke around as it started working and did not want to break anything as I am all new to pfSense.

@gertjan said in pfSense behind ISP Router: The last (4) rule is an explicit "block everything" Since when is this needed?

@johnpoz thx

Didn't say it didn't have a "modem" in it.. But that is a horrible term to use for something that is more than a modem.. Its not a "modem" its a gateway.. Sniff on pfsense2 wan when you try to access one of your forwarded ports from pfsense1 - do you see the traffic? If so then it would work. Just like any other port forward.

@viragomann This is what I see in my deciso (old firewall) on the netgate (new) I don't see anything ! But I have find the problem ! I need to go in Interfaces/PPPs/Edit and select "Link interface(s)" Now it works !! [image: 1627309282711-image.png]

any help or suggestions here!?