• 0 Votes
    11 Posts
    24k Views

    Well,

    Turns out that what I wanted to do according to the network diagram posted above did not quite work the way I expected. Technically this is a Multi-WAN setup but with 1 cable modem/router, since I am using 2 public IPs, both in the same network/broadcast domain and thusly both sharing the same gateway.

    I was lucky enough to find out that the way my Comcast cable modem/router is configured allows me to use private or public addresses without having to change anything major.

    So, first I connected both the WAN and WAN2 ports directly to my cable modem/router's built-in switch. Then I set up pfSense with the WAN port having a public IP statically set on the interface, e.g. 98.x.x.1, and then I set up WAN2 with a DHCP address, which in turn gave the interface a 10.x.x.1 address off the modem/router's DHCP server.

    After that, I made sure to set up the correct DNS servers for both WAN and WAN2. Then I configured LAN with 192.168.1.1/24 and DMZ with 192.168.2.1 and I made sure to add rules on the firewall to allow the correct traffic protocols between LAN and DMZ.

    Now, since I wanted to have LAN go out on WAN2, I set up the default gateway for outgoing connections for LAN to be 10.x.x.1, which is WAN2's address.
    Also, I wanted traffic from DMZ to go out on WAN, so I set up the default gateway for outgoing connections for DMZ to be 98.x.x.1, which is WAN's address.

    To reiterate, the setup is:

    WAN IP: 98.x.x.1
    WAN2 IP: 10.x.x.1
    LAN IP: 192.168.1.1
    DMZ IP: 192.168.2.1

    Default gateway for LAN is 10.x.x.1
    Default gateway for DMZ is 98.x.x.1

    Hope this makes sense and thanks everyone for your help!

    Luis

  • Blocking ports for IPs

    Locked
    4
    0 Votes
    4 Posts
    2k Views

    go to firewall => nat => outbound. click the radio button to select AON. after you hit save, an auto-generated allow/any rule for LAN => outside will appear. go from there.

  • IP dependent NAT forwarding

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    pf does support this, afaik, but i don't think the gui currently gives you the ability to check based on the source IP.

  • Server failover setup

    Locked
    7
    0 Votes
    7 Posts
    3k Views

    Kage, it actually is a little confusing in that failover only applies to outbound load balancing (multi-WAN). While it is true that inbound load balancing is round-robin only, you can "fake" a failover when you're only using two servers. Simply add the primary server only to the pool, and then when you create the "server" put the secondary server into the "Pool down server" field.

  • Nat rule based on url request?

    Locked
    5
    0 Votes
    5 Posts
    5k Views

    i noticed that Pound (http://www.apsis.ch/pound/index_html) can apparently handle this task for me, do you know if there is a module for pfsense?

  • Port Forwarding / Nat Redirection (LAN to WAN to LAN)

    Locked
    2
    0 Votes
    2 Posts
    2k Views

    I had this problem, you can see my solution here: http://forum.pfsense.org/index.php/topic,19957.0.html (close to the bottom)

  • 1:1 NAT not working, disables outbound access

    Locked
    3
    0 Votes
    3 Posts
    3k Views

    Solved
    Now that I know what to search for: http://forum.pfsense.org/index.php?topic=13825.0

  • Portforward Issues

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    GruensFroeschli

    He fixed it with this:
    http://doc.pfsense.org/index.php/Static_Port

  • NAT 1:1 with multi WAN subnets

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • NAT not Translating to webserver?

    Locked
    7
    0 Votes
    7 Posts
    3k Views

    windows server 08

  • SIP Coned NAT - Assistance

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    GruensFroeschli

    How exactly do the frames coming from the pfSense differ in comparison to the frames sent when connected directly to the modem?

  • Problem with portforward on 1.2.3-release?

    Locked
    4
    0 Votes
    4 Posts
    2k Views

    I've tried both against the QNAP NAS, and a SLES 10 Linux. No change.
    I've also tried towards an HTTP server running some surveillance on a QNAP VS-101.
    Same results.
    This is an upgrade of an upgrade. I'm wondering if I should try a fresh start.
    My only worry is that I've had some problems in moving parts of configs over (I would hate to reenter all the statically defined DHCP leases, etc.).

    And I also have a 'lot' of NATs previously defined, that work fine. But if I create a new one, then noooo.

  • Outbound NAT using Interface IP instead of VIP

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Static Port Outbound NAT not working [it's working]

    Locked
    4
    0 Votes
    4 Posts
    3k Views

    Looks like you're right. Sorry about the confusion!

    I had assumed it wasn't working because the desired behavior (allowing some gaming consoles behind the pfsense box to nat properly) wasn't working. It turned out to be a problem with allowing multicast traffic on the subnet for UPnP.

    Thanks for your help.

  • MOVED: pfsense squid not redirecting 80 to 3128 in transparent mode

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Port forward from necessary sources

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    @GruensFroeschli:

    This is not possible.

    Is it going to be fixed in 2.0?

  • FTP-Helper working?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Forwarding RTP ports 20000-20011 not working

    Locked
    5
    0 Votes
    5 Posts
    5k Views

    sounds like static ports will resolve this. the problem was that the ports were getting re-written, 1:1 nat resolved this.

    if static ports didn't require enabling advance outbound nat, I'd do it. it's too bad I can't have both automatic nat and advanced nat at the same time.

    UPDATE:

    I've removed the 1:1 nat and set up static port. RTP works perfectly. the problem of course was that the port number was being changed in the nat process and my VoIP provider didn't like this.

    advanced outbound nat is incredibly simple. If I knew how easy it was to set up, I would have done this on day 1.

  • MOVED: PfSense transparent proxy bridge + trafficshaper possible?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Nat + Wan failover causing problems on wan fail

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    hmm, strange, since the wan link is physically always up, it's either the ppp session that dies, or an upstream router, so that there is no more data connectivity, but physical link stays up.

    Of course, if bsd looks at the PPPoE session, then that could be the cause.

    Anyway, i can live with it until 2.0 comes out.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.