Thanks a lot, I think I understand my situation. I can install it as-is and start using it while I fiddle without taking any undue or at least atypical risks (except for the ones I introduce myself!).
If anyone else has any comments, especially with regard to where to learn what to do (other than the book, which I will be studying), please tack your comments on.
–Ray
This is your definitive guide: http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing
Follow that, and use the scheduling option when creating the firewall rules. If you have trouble be sure to post back here with the details.
OK, found it - using Wireshark and trawling through the data. The problem was with the proxy - my original request was being redirected to a mirror - I had allowed the original site through the proxy but had no overt indication that I was being redirected to a mirror. I entered the mirror address into the proxy ACL whitelist and Voila!
It might be possible to craft the right pf rule, but you'd have to invoke that in a script or something. Can I ask what you are trying to accomplish? Not meaning to offend, but folks here are basically providing free tech support, and I for one would rather not invest a significant amount of (unpaid) time trying to help someone massage pf in a way that makes no sense.
@jimp:
Squid puts in a pass rule for the proxy when transparent proxy is enabled, and no rule you enter manually can override this.
Ok, that sounds like a pretty crucial note then, I'll put it in my pfS book somewhere.
@flanandorj:
1.2.2
built on Thu Jan 8 22:30:24 EST 2009
Upgrade to 1.2.3-RELEASE and then try again. If you still have issues, then someone might be able to help you further.
I have two settings different from the screenshots shown for Virtual IP and NAT. First, on the Virtual IP page I have "Other" marked and not "Proxy ARP". Second, on the NAT setup I have the radio button for "Manual Outbound NAT" clicked and not the "Automatic" button. Don't know if that will fix you or not, but except for those two, your settings and mine look the same. Mine is working as posted earlier in this thread.
One other thing to double-check. Under Interfaces..WAN, make sure "Block private networks" is unchecked.
UPDATE
------
I have now uninstalled Lightsquid (must be uninstalled before Squid otherwise there are errors and uninstall fails) and Squid and after a few reboots it seems that my block rule is working as intended.
Obviously Squid is in a number of situations a problem, I have to do some rethinking when it comes to if and how I should use the Squid package then. Any thoughts and comments welcome.
OK, thanks for that. These are all ESXi VMs, so I guess I will just have to add some more networking in.
"you'd just need a port forward on LAN that redirected any port 80 traffic NOT going to the pfSense box's LAN IP"
Is this right? Surely this would mean that the redirect would not redirect the HTTP traffic and it would continue on through the pfSense box. Or am I being dumb, which is more than possible!!
Cheers
Gareth
You do not fail PCI compliance for having an open port on your firewall. Port 53 is DNS, and if you run your own DNS servers, you must have this port open inbound. You need a real PCI assessment, not some free automated scan.
OK, I didn't know about the netmask in the UK; I'm from Mexico, and I'm not sure either whether the doc applies to WAN, but I try everything to resolve my situation, and it seems that there are many people with your same problem in the forum. Anyway, good luck.