Fastest way is to get a packet capture of 2000-3000 packets or so, download the pcap and use Wireshark's analysis tools.

Binding should be to all IPs by default, unless you've changed that on the server in which case you'll have to go in and change every service. I would expect you would lose access to one interface or the other because of the routing complications dual homing induces, though both would work from the same subnet. If the services are inaccessible from both IPs you have something weird going on with the server (host firewall maybe?).

Did I put this in the wrong forum? :)

Yes, this can be done, with slight modifications to your plan.  If you place the proxy servers inside a separate network segment, you can then intercept the outbound HTML traffic and redirect it, either load balanced or in a failover configuration to your proxy servers.  We did exactly this configuration for a client who was pushing sustained 100mb through that system and it works flawlessly in 1.2.3.  If I remember correctly, there were some minor modifications that needed to be done to pfSense in order to support load balancing from a CARP IP and that work was done by the BSDPerimeter guys under contract (can't recommend their work highly enough btw).  I suspect all this can be done off the shelf inside pfSense 2.0, but I've never set it up.  As always, the limitation of this setup is that only HTTP, HTTPS will not proxy transparently.

Usually that indicates that it can't send traffic there. Either because it doesn't have permission (blocked by firewall rules) or perhaps because it doesn't have a default route going that way.

Thank you Cry Havoc and Gimp. I don't know why but email is working fine now. I wish I knew why that ws happening but I can't even reproduce it to try checking things. I guess it's just one of those "ghost in the machine" things. Thanks again!!

The root user is the admin user. Set the key for the admin user in the GUI, it works for root. FYI: root and user share the same uid and home directory, they just have different shells.

Unless you have something else tracking your internal usage (squid, netflow, etc) there isn't likely to be any kind of record you can refer to for that. pfSense doesn't keep a log of every incoming/outgoing connection, and even if you made the rules log every connection it may not give you the info that you would need to match up the information they gave with internal activity.

You could try disabling services/packages one by one until the problem goes away.

The symbol in the column "Act" shows you, what happened to the connection. If you click on this symbol, you will get the rule, which caused this action. If you click on the red/green symbol with the little black plus, this IP will be added to an Alias and this Alias will be added to your firewall rules.

This forum does actually have a working search function ;) http://doc.pfsense.org/index.php/What_are_the_512M,_1G,_2G,_and_4G_NanoBSD_files%3F

If it works, it's fine. Usually it will work, since it's still 7.x, but there is always the chance that a given program will want a newer base system library that doesn't exist on 1.2.3. It shouldn't hurt to try it.

Thanks I changed the server address to 192.168.20.1 and it worked.

I'm offering it as a suggestion rather than a request, that and I don't have money to put on something like this. I do offer my time in designing / spec'ing this however.

@superwormy: Now, I realize that a firewall rule could be used to stop this. HOWEVER, SecurityMetrics requires us to have a rule which allows all traffic from them through- i.e. I can't just put a deny rule to reject UDP port 53 from the WAN. Is there a way to turn this off in pfSense 2.x so that we can pass our PCI scans? How do others get around this? I also got the same errors on SecurtityMetrics scan, but I don't see anywhere where they dissallow firewall rules that apply to everyone.  You have to exempt them from any IDS/IPS system which makes sense, but they are testing the firewall as well as everything else.  Deny rules are how firewall's work.

Yeah, I just spliced cables to get the DSL modem in the same room as pfsense, works fine now. Signals aren't the best, but get very close to my advertised speeds(which is rare for at&t dsl lol)