@nfsiv: the problem is, from outside i can not ping these 4 ip address, and inside i can not ping outside, even i ping from my pfsense. Did you create any firewall rules on the WAN, allowing ICMP to these IPs? How did you test to "ping outside"?

Don't do what you just described. Each VIP needs it's own VHID. Just put another VHID for each VIP. This doesn't affect the functionality. The password isn't used for your setup. This is if you want hardware-failover between multiple pfSenses.

I doubt its a dsl modem problem. I have had a Smoothwall firewall and that modem since 2001. @jimp: Is there another port on the back of your DSL router that you can try? No. There is only a single Lan and single Wan connection. I intend to get another dsl connection and wanted a firewall that was better suited for dual wan connections. The only problem I have had with the smoothwall is after about 6 months, it starts to block outbound connections its not supposed to. For instance, I cannot connect the PS3 to the playstation network anymore. Another example, is my daughters WOW, it worked fine for months, and now it will not connect through the smoothwall. If I were to reinstall the smoothwall, then everything would be fine, but I am tired of having to reinstall it every 6 months or so and spend the hours reconfiguring all the firewall rules.  I have two boxes with smoothwall on it so when one is down, I can use the last one until the new one is ready. I need to have a backup one ready to bring online because I host several websites and services. That is another reason I am looking for a more robust and secure firewall. Those websites are prone to attack by spammers because they are used to supply evidence to registrars, LE and ISP's to get sites and IP's shut down.

Store your pages in /conf/ <somewhere>as long as they are not too large, then add a shellcmd to the config to copy them over to the proper place if they do not yet exist (or on every boot just to be safe)</somewhere>

The book covers all that and more http://www.amazon.com/gp/product/0979034280?ie=UTF8&tag=pfsense-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0979034280

Well, port that pfsense was plugged into need to be in trunk mode. From there it was a matter of taking it step by step. Initially we couldnt get any subnet to communicate with the pfsense box. We had to actually add the subnets to the lan interface. Once we could get vlans to communicate with pfsense it was just a matter of figuring out NAT. NOTE: Automatic NAT does not work/would not work in our situation. Has to manually do it.         1:1 NAT also would not work had to stick with NAT port forwarding. Things are good now, internally geting out we have noticed a 50% increase in speeds.

I'd hate to have things in perpetual beta though.  We'll probably be having the same discussion about something else when 2.0 is released.

Thank you for your reply ! This rule has a lot of option.. this is the following one, right ? [image: 14Anonyme-20091229-143533.png] Do you can tell me more about this option ? what does it mean, implies ? I will try as soon as possible with IPTV, thank you again.

I'm not surprised, and I'd personally discourage such development. I just sent the customer a long list of workarounds. #0 is "fix the brokenness you see first". They complain this particular server is "finicky". No wonder. I also could put the device into bridging mode and probably get the behavior back, since the Cisco is on the other end still terminating a T1. Or I could setup some OpenVPN tunnels bridging. It's gonna hurt if I have to do any of that. I even came up with a solution to the most serious consequence (broken VPN) that only involves adding a couple more specific static routes to the more important servers. So many workarounds  ::)

There is lagg(4) support in pfSense 2.0, which is still Alpha (but will be Beta very soon).

Ah, a voipo customer :)  I just ported my number out of them.  Not from unhappiness, but because they made a (totally understandable) business decision to not support BYOD customers, which I am an extreme example of :)  I am using the freepbx service which uses bandwidth.com.  voipo worked fine with pfsense, but the other service got confused due to the source RTP ports being rewritten, hence my need to use the static_port directive.

Oh thanks for your idea, It is realy clear to me. Thanks again.!

I had similar checksum errors early on when I first started using voip through my pfsense box. In my case it turned out to be what I thought to be an apparent faulty nic. (Realtech-  I know I know… I see now...)   Since replacing the nic, my voip systems have been rock solid. And no more errors. May not be related but I figured Id mention it...

@Dave: I've seen this same thing with Chrome on one of my Macs (but oddly, not on another).  I resolved it by using the Clear Browsing Data… option to clear everything. That worked :). Sorry pfSense mods!

Having just come back from a very frustrating day at work, this sounds like the best thing I heard today. Thanks man, I'll look into this.