Yeah... I figured it out. I had to set a LAN rule in the firewall, select the second router, and create the same rule for outbound NAT with the second device IP.
So firewall rule: LAN -> source: 10.10.10.50-70 (specialComputer), Advanced: route DSL2
Outbound nat: Source: 10.10.10.50-70 (specialComputer), Translation: 192.168.11.10 (DSL2)

Both rules have to be in the first row, but before the normal rules get in touch.

But the problem with the gateway monitor still exists; in my case the "srcip" of apinger is not the same as the "wan" address. So it can't ping anything because of the wrong "srcip"; it should be "192.168.11.10" but it's "192.168.10.10".

Any ideas about that?

Best regards
--
carlo blohm | system administrator
zweimaleins | werbeagentur gmbh
elbestrasse 28/29 | 12045 berlin
phone (030)61 10 86 -272 | fax -20
[email protected]
www.zweimaleins.de
Managing Director: Alexander Stendel
Amtsgericht Charlottenburg | HRB: 112415 B

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Carlo Blohm
Sent: Friday, 2 December 2011 16:00
To: [email protected]
Subject: [pfSense] Virtual IP on WAN and there difficulties

Hi there,

I recently installed pfSense 2.0. My network config is

    DSL1(192.168.10.1)      DSL2(192.168.11.1)
            |________________________|
                        |
                    (WAN    )
                    (pfSense)
                    ( LAN   )
                        |
       [special computers] ......... [rest]

DSL1: IP 192.168.10.1/24 pfSense: 192.168.10.10
DSL2: IP 192.168.11.1/24 pfSense: 192.168.11.10

My problem is: I want to use DSL1 as the normal internet connection and DSL2 for special computers in my network. Let's say they have IPs like 10.10.10.50 - 10.10.10.70. These special computers should go out on DSL2 to any host on the internet.

I tried to manage that. I set the manual outbound NAT (DSL2 IP is a Virtual IP alias on WAN, DSL1 is WAN, and I set two routes in the routing tab) to use DSL2 for the special computers, but it didn't work. These computers do not have any internet in this configuration, so I guess the outbound NAT rule is active. I had to disable monitoring for DSL2 because in the "apinger.conf" there is the wrong "srcip".
I tried to put in a second default route with a higher metric, but that seems not to be possible.

What else can I do? Is my concept wrong or am I missing something? Any help would be appreciated.

Best regards

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
