$44/yr is expensive?  Most people have paid that in Netflix fees in 4 months…

Problem solved. It turns out our ISP upgraded their equipment that interfaced with our static IPs to a Cisco Multihome chassis. They were able to queue a command to their systems that allow multiple IP's to a single MAC. I'll share some information I learnt along the way in case anyone else has this problem: a) you can try to lease the IP with CARP. This didn't work for me, but theoretically it should use a new MAC address for the connections. b) I was able to create a fake virtual adapter using ngctl and was about to create custom routes for this to work. I didn't complete this testing but ngctl looks pretty powerful, I'd like to play with it more.

Yeah there is definitely some confusion. I've been trying to clear that up in the book and hangouts, will eventually get to the wiki once the book updates are done.

tracked the problem its proxy problem, in pfsense & opensene even in cent…  behind squid  getting  wrong currency format  but in Debian Linux its working fine

can be anything. connect a monitor (or serial) and take pictures. it also can't hurt to copy/paste the system log. it might hardware or mbufs or …

Did you find a solution?

I see this is your first post, welcome to the forum! Have you followed the multi-wan setup guides at https://doc.pfsense.org/index.php/Multi-WAN ? That would be a good place to start. Your post is a little lacking in details.  Please post some screenshots of your "Routing > Groups" section as well as Firewall rules specifically the "LAN" tab.

@hda: Put a managed switch, global rate limiting, between pfSense-LAN and your LAN-members. That's a great suggestion,  I hadn't thought of that.  I was thinking I'd need a Managed switch in the near future anyway, they are fairly cheap now, and that would buy me some time to explore some budget upgrades for PFSense and let me keep using my service in a slightly reduced performance mode that I can control. I also appreciate the other folks confirming it's time to update the hardware.

@johnpoz: You need to look at what the direction of the traffic is, who is the requester who is the responder. Ah, now I understand. Need a incoming rule for the ping request (Internet -> WAN -> pfSense) and pfSense can send the reply, right? @johnpoz: So a destination unreachable.  When would you need this to be allowed to pfsense wan? https://docs.openvpn.net/how-to-tutorialsguides/administration/troubleshooting-openvpn-connectivity-issues/ My OpenVPN work now fine with TCP.

Quite a while ago I figured out what's wrong: While running pfSense in a KVM setup make sure you don't use rtl8139 as network interfaces but virtio instead. Positive aspects: 10G instead of 1G No broken traffic Less overhead Negative aspect: You have to remap your interfaces in pfSense. I don't know the exact cause of of the problem but the workaround is pretty nice.

Is there a better walkthrough available for pfSense 2.3.2? No. :) Using an admin port should make it ezpz since you're configuring the bridge out-of-band. BRIDGE0 is the "interface" on which the IP configuration is placed. It is a virtual interface consisting of a layer 2 bridge of the bridge members. With the sysctls set as in that walkthrough that is the only interface on which firewall rules will be honored.

Hello KOM. Thanks very mutch. When I change to DEMO works fine. Thanks a lot. Best regards.