OK cheers CH I will look into Haproxy.

Regards

Sam

Just an update to anyone that might try to do this.
Problem 1 - the reason I couldn't get out past the PF1 was because the default LAN -> Any rule doesn't apply to the other subnets behind PF2. Once I added LAN rules for them, traffic out worked.
Problem 2 - having Untangle in the middle between the two caused some complications in passing traffic from WAN side to the LAN side and through to PF2. This was easily remedied by adding static routes to the UT just as needed on the PF1 router.

Actually, the 190.210.60.59 IP and the 69.65.19.116 IP are both external IPs, somewhere on the net. The only local IP i have is the 192.168.10.206. Any clue as to what i can do? Thanks!

No, that doesn't seem to have had any effect at all. SIP phones logging in on non-standard ports are still connecting to the Asterisk server on random ports.

I thought it was there at one point, or perhaps I had just hacked it into the local install on a box one time. There's no reason it can't be done, though the reasons for doing it are still questionable (testing an actual service is much more reliable than ping.)

No, your router does not see the DNS query so it has no idea which hostname was accessed.

With HTTP you can pull some of that off with a reverse proxy, but I don't think the same thing works with SSL (I may be wrong, I don't work much with hosting SSL-enabled web sites)

It sounds to me like you might need to tweak NAT reflection under System: Advanced: Firewall and NAT.

http://doc.pfsense.org/index.php/VoIP_Configuration

My first guess would be #2. Second would be #4.

@wladkolc:

when i made a nat from wan>interface>2121 to 192.168.10.2:2121

Don't specify a source port on the WAN side.

Cheers.

:-[ ok i feel like an idiot now…...

its working, cough  ::)

Time to start on the firebox

@bitbyte:

I have a simple setup which has one LAN interface and a WAN interface having a static publice ip address and i i have been using this as a fw/Nat/and router for a LAN.Everything worked fine but sudenly it stopped working(connecting to websites) for no reason,i can't figure out why?

TCPDUMP shows packets going out reaching the websites requested from the clients on the  LAN,but no website loads,i haven't made any changes to the previously worked rules there?

Strange any reasons?

Then i made afresh install of pfsense and just assigned the interfaces,now here too the INternet stopped working,i mean webpages are not loading on the pfsense machine itself through console ,apart from this i can ping all the sites,ipsec vpn gets established ….

@clarknova:

Which version of pfsense are you using?

Version 1.2.3-RELEASE
built on Sun Dec 6 23:21:36 EST 2009

I think i may get it, Or not please guide me.
Lan does work fine as it use basic routing.
Lan_2 seem to be working now and i could have set the default gateway to use the WAN_2

so this way lan and lan_2 does not have same ip.

So far it seem to be working, but now i want to add a 3rd WAN to do same setup but does not seem to work evens if i apply same rules.

My main concern now is that computer on Lan_2 keep dropping.
I do ping on google here's what i get.

Délai d'attente de la demande dépassé.
Délai d'attente de la demande dépassé.
Délai d'attente de la demande dépassé.
Délai d'attente de la demande dépassé.
Réponse de 173.194.32.104 : octets=32 temps=147 ms TTL=56
Réponse de 173.194.32.104 : octets=32 temps=149 ms TTL=56
Réponse de 173.194.32.104 : octets=32 temps=148 ms TTL=56
Réponse de 173.194.32.104 : octets=32 temps=147 ms TTL=56
Réponse de 173.194.32.104 : octets=32 temps=157 ms TTL=56
Réponse de 173.194.32.104 : octets=32 temps=148 ms TTL=56
Délai d'attente de la demande dépassé.
Délai d'attente de la demande dépassé.
Délai d'attente de la demande dépassé.
Délai d'attente de la demande dépassé.
Réponse de 173.194.32.104 : octets=32 temps=147 ms TTL=56
Réponse de 173.194.32.104 : octets=32 temps=157 ms TTL=56
Réponse de 173.194.32.104 : octets=32 temps=148 ms TTL=56
Délai d'attente de la demande dépassé.
Délai d'attente de la demande dépassé.

I cant figure why it keep doing this.
From LAN no probleme it work perfect.

Someone please ?

@Gob:

I tried adding a Outbound NAT rule in there with a source of the LAN subnet, destination of the SFTP server, destination port 22 and NAT port of 2222 but that doesn't seem to work.

This needs to be a port forward rule, not an outbound rule.

Is gateway 1 a router outside of the pfsense box (gateway 2)? If so, for gateway 2 to be able to forward to gateway 1 they need to both be on the same broadcast domain (I think you have that) and network (You don't have this). Try adding an alias to your pfsense box like this:

ifconfig em1 inet 10.0.11.254 netmask 255.255.254.0 alias

where em1 is the interface that is 200.0.0.254 and 10.0.11.254 is an unused address on gateway 1's network.

If this setting works and you need it to survive a reboot then add the above command to the appropriate place in your config file with tags.

Firewall rule dst port needs to be SSH. The easy way is to let the NAT rule create the firewall rule.

It does look like either the shaper is in use, or perhaps limiters, based on the dmesg.

However you should really look at the output of "ifconfig -a" - It would show your link speed. If you are limited to 10Mbit, perhaps the physical link speed only negotiated at 10Mbit and not 100/1000.

You might try steps 2 and 4 here. 3 would not apply to non-sip applications, and I'm pretty sure 1 wouldn't either.

http://doc.pfsense.org/index.php/VoIP_Configuration

You probably have NAT reflection enabled and didn't properly setup the NAT port forward.

See here: http://doc.pfsense.org/index.php/Why_does_enabling_NAT_Reflection_break_web_surfing%3F