This problem may be solved, but we need testers.

Please see http://forum.pfsense.org/index.php/topic,15669.0.html

i think it's more of a function of squid…..it can probably only cache from one wan at a time

Thanks very much for that, this code seems to be very similar to what I need (though it's pretty trivial anyway). I guess I will just write something similar from scratch.

yes, I am aware of this, but if problem is not elsewhere, then every self respecting router or firewall should handle this. In fact, I have also tried many hardware (D-Link, Juniper, Extreme Networks, etc.) and software (OpenWRT, Coyote, Zeroshell) routers, and pfSense was only what did not pass these packets. This was very surprising to me, that such trivial problem exists in any other way - excellent router software, for a long time, and nobody care about that.

you should have no problems

look up "1 to 1 nat" and "advanced outgoing nat"

thanks Cry Havok

I tried switching the DNS address around and adding in a third I found on a bellnet.ca search and all seems to be well now. Something is messed up on the original DNS and Im not sure if they fixed it or if the switch in IP's changed but I am able to send email now, that seemed to be the only issue that we were encounting while doing other tests beside the lookup.

Appreciate the effort.

I apologize,
I do not have a solution to your problem but I do offer a work around. Why don't you connect the two switches together and have just one LAN. I understand that you are trying to save a port on your switch however such a model is a bad practice.
I would recommend connecting the switches.

Well - I have reinstalled and all appears to be well now, or mostly well now I have extreme throughput slowness but that will be a different post.  Thanks for the response!

-Aaron

Thanks, Didn't see that option.

Hi wallabybob,

That's great advise.

After enabling polling and rebooting, my problem has seemed to go away.

I'm not entirly sure if polling did anything to help it - it may have just been the reboot! But if the problem comes back I'll be sure to refer here to quantify the interrupts generated.

Just FYI, I was trying to do a samba (CIFS) transfer at the time over an openvpn connection (The openvpn server being seperate from the pfsense box) to a remote openvpn client in another country connected via a DSL connection (8Mbps down and 832kbps up as pfsense sees it).

Before the reboot, pfsense GUI and shell access would be non-exsistant after about 2Mbps or transfers down from the remote server. After the reboot, I can hit 6Mbps (which is the max that this openvpn connection can reach for some unknown reason) without any problems.

The speed measurements are from pfsense's traffic graph. Before the reboot, I knew that pfsense would become unresponsive at around 2Mbps as that's when the graph would stop working..

Cheers

JT

ya ok, I figured that the openvpn method to be the easiest be intergrated all ready. Thanks for the insight.

I haven't installed any packages… if you mean State table size, then about 1450/10000

Firewall: NAT: 1:1    15 IPs

Firewall: Rules        205 Rules, 99% TCP rules for specific ports

No other services running... no SSH, no load balancing, no VPN, no DHCP. no SNMP..basically nothing...

eth0: LAN
eth1: WAN Static IP

let me know if you need more info please

Thanks for the quick reply Bern,

Yes indeed, my TCs are trying to access external_ip:80… that's exaclty what my problem is. I'll have a look at NAT reflection

Thanks

L2