go to firewall => nat => outbound.  click the radio button to select AON.  after you hit save, an auto-generated allow/any rule will appear for LAN => outside will appear.  go from there.

pf does support this, afaik, but i don't think the gui currently gives you the ability to check based on the source IP.

Kage, it actually is a little confusing in that failover only applies to outbound load balancing (multi-WAN). While it is true that inbound load balancing is round-robin only, you can "fake" a failover when you're only using two servers. Simply add the primary server only to the pool, and then when you create the "server" put the secondary server into the "Pool down server" field.

i noticed that Pound (http://www.apsis.ch/pound/index_html) can apparently handle this task for me, do you know if there is a module for pfsense?

I had this problem, you can see my solution here: http://forum.pfsense.org/index.php/topic,19957.0.html (close to the bottom)

Solved Now that I know what to search for: http://forum.pfsense.org/index.php?topic=13825.0

He fixed it with this: http://doc.pfsense.org/index.php/Static_Port

windows server 08

How exactly do the frames coming from the pfSense differ in comparison to the frames sent when connected directly to the modem?

I've tried both against the QNAP NAS, and a SLES 10 Linux. No change. I've also tried towards a HTTP server running some survaillance on a QNAP VS-101. Same results. This is an upgrade of an upgrade. I'm wondering if I should try a fresh start. My only worry is that I've had some problems in moving part of config's over (I would hate to reenter all the staticly defined DHCP leases, etc.). And I also have a 'lot' of nat's previously defined, that works fine. But if I create a new one, then noooo.

Looks like you're right. Sorry about the confusion! I had assumed it wasn't working because the desired behavior (allowing some gaming consoles behind the pfsense box to nat properly) wasn't working. It turned out to be a problem with allowing multicast traffic on the subnet for UPnP. Thanks for your help.

@GruensFroeschli: This is not possible. Is it going to be fixed in 2.0?

sounds like static ports will resolve this. the problem was that the ports were getting re-written, 1:1 nat resolved this. if static ports didn't require enabling advance outbound nat, I'd do it. it's too bad I can't have both automatic nat and advanced nat at the same time. UPDATE: I've removed the 1:1 nat and setup static port. RTP works perfectly. the problem of course was that the port number was being changed in the nat process and my VoIP provider didn't like this. advanced outbound nat is incredibly simple. If I new how easy it was to setup, I would have done this on day 1.

hmm, strange, since the wan link is physically always up, its either the ppp session that dies, or an upstream router, so that there is no more dataconnectivity, but physical link stays up. Offcourse, if bsd looks at the PPOE session, than that could be the cause. Anyway, i can live with it untill 2.0 comes out.

Firewall rules determine that. See the multi-WAN chapter of the book for more info. http://pfsense.org/book