• NAT, Different WANs for different subnets.

    3
    0 Votes
    3 Posts
    753 Views
    DerelictD

    The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
    Action: Pass
    Interface:LAN
    TCP/IP Version:IPv4
    Protocol:Any
    Source Type:Network
    Source Address:192.168.1.0/24
    Destination:WAN2 Address

    Try:

    The problem is with my LAN. I cannot seem to be able to get to the internet at all. I've tried adding a rule under Rules->Lan, which is:
    Action: Pass
    Interface:LAN
    TCP/IP Version:IPv4
    Protocol:Any
    Source Type:Network
    Source Address:LAN network
    Destination:any

    In advanced, set the gateway to WAN2

  • Problem with port forwarding via proxy

    2
    0 Votes
    2 Posts
    763 Views
    J

    Someone help me, please… I cannot NAT if the local machine uses a proxy server (port 80)

  • Route/nat a specific subnet

    3
    0 Votes
    3 Posts
    850 Views
    S

    Thanks much it's working great!!!!

  • Port Forward seems not working. Displays Pfsense login screen

    9
    0 Votes
    9 Posts
    2k Views
    johnpozJ

    Are you using Chrome mobile to check it - unless you turn it off it uses a proxy.  You would want to turn that off.

    As to pfsense listening on 80 and doing a port forward to something behind it listening on 80 - this is not an issue.  I just tested this and click click I was able to access server behind pfsense on 80 without issue.

    Was your phone on wifi or just cell access?  With wifi it most likely used that over cell data and now you're doing a loopback because you're coming from pfsense lan side.

  • Email server rules configuration

    4
    0 Votes
    4 Posts
    1k Views
    chpalmerC

    I use Hmail and have a similar setup.  I do not have the same issue you do so I wonder if you have a config issue on the actual email server itself.

    You don't have your email server "bound" to its own IP do you?

    I'm trying to think of any other config setting….

  • FIREWALL::RULES

    2
    0 Votes
    2 Posts
    749 Views
    V

    You have to set up an additional gateway for the second ISP under System > Routing > Gateways.
    Then create a pass rule on the LAN interface, at Source enter your specific internal IP, go down to Gateway under Advanced features and set the gateway for this ISP there. Keep in mind that the rules are handled in the order they are shown on the rule tab. So maybe it's necessary to move it to the upper position.

    If you also want to have a specific public source IP for requests handled by this rule you have to configure an outbound NAT rule in addition.

  • Basic out-going NAT isn't working

    30
    0 Votes
    30 Posts
    5k Views
    R

    At the moment I have no failover WAN, only one gateway rule for a separate proxy that goes over VPN (HideMyAss).

    I must first get my VoIP server running before I plug my second WAN into pfsense

  • Disabling Port Forward

    29
    0 Votes
    29 Posts
    5k Views
    denningsrogueD

    With the great help of johnpoz I finally got port 22 closed.  I had to delete my ssh forward and rule and then reboot.  Thanks again John.

  • Nating Over VLAN trunk?

    5
    0 Votes
    5 Posts
    1k Views
    P

    @mikeisfly:

    How did you do that? (diagram)

    3ds Max
    http://www.autodesk.com/products/3ds-max/free-trial

    The software is pretty in depth but I've been working with it for a little over a year and am getting pretty good with it; it's really fun once you get the hang of everything. That was just something I threw together in about 10 min.

    Here's something that took a little longer

  • 0 Votes
    5 Posts
    947 Views
    C

    You have to add VIPs one by one, unless you're adding a proxy ARP range (which generally isn't the best option, since you generally have something else on the subnet like the ISP router that you can't answer ARP on).

  • Need assistance getting port forwarding working correctly

    18
    0 Votes
    18 Posts
    4k Views
    johnpozJ

    So they were not connecting to 5000-5002?

    Clearly you sent back closed to those ports..  I should have sniffed when I did the probe - but normally closed means a RST came back.  Which seems unlikely if it was actually listening on that port, etc.  Unless there is something on that device (firewall) that only allows specific source IP?  Or source Ports?

    Glad you got it sorted - it is like 99.9999% of the time something stupid like using wrong port, wrong IP or double nat, isp blocking when troubleshooting port forwarding issues..  To be honest port forwarding in pfsense is click click you're done and working.

  • NAT not working correctly?

    20
    0 Votes
    20 Posts
    5k Views
    A

    I did get UDP reflection to work on 2.2 beta.  I had to use Pure NAT reflection mode and make sure 'Enable automatic outbound NAT for Reflection' in the 'Advanced->Firewall and Nat' settings page.

  • TFTP server behind pfsense can't talk to clients over OpenVPN

    6
    0 Votes
    6 Posts
    3k Views
    B

    I gave up on TFTP and switched to HTTP for provisioning and everything seems happy now.

    I'm fairly green to networking and always looking to learn more. Can you recommend some resources? During this entire process I felt like I was missing the knowledge on how to debug the problem.

    What's the best way to do packet capture on linux?

    Thank you for your help.

  • NAT Reflection in 2.1 release… Seems to be working 100% now.

    3
    0 Votes
    3 Posts
    2k Views
    K

    Blast from the past….

    No - I have not.  I'm not in a good position to run Beta releases in production.

    I think for sure others have.  Perhaps they will reply.

  • SIP-Phone Passthrough OpenVPN - Call Is Drop After Few Seconds

    2
    0 Votes
    2 Posts
    1k Views
    M

    Might need to use static ports on your asterisk box. Change to manual NAT then create a rule for your pbx to use static ports. Also on your remote end make sure your router is not using ALG. (Application Level Gateway)

  • FTP+NAT: some ftp clients work, some don't

    2
    0 Votes
    2 Posts
    747 Views
    johnpozJ

    what version of windows..  epsv is extended passive.

    I would prob disable that on your server if you don't want clients using it.

  • Forwarding External IPs to downstream router (cisco ASA)

    1
    0 Votes
    1 Posts
    683 Views
    No one has replied
  • 0 Votes
    2 Posts
    774 Views
    V

    If you want to access a LAN host with its external NAT address from another LAN host you have to activate NAT reflection for the appropriate NAT rule.
    You can do this either in each NAT rule for which you want to have the function enabled, or globally in System > Advanced > Firewall and NAT and set the rule to "system default".

  • Configuring exchange - port forwards

    18
    0 Votes
    18 Posts
    5k Views
    R

    Hi all

    Good news, it's working. I will quickly describe what I did

    I found out one of the services "MS EXCH Mailbox Transport Submission" wasn't running when I listed in order of automatic services

    I made my send connector go back to using port 25 instead of 587 as mails would not send

    Once I did that my messages went one by one to my sent items in OWA and I had about 23 emails in my gmail inbox

    Also I did this -

    http://exchangekb.com/2014/03/19/exchange-2013-emails-stuck-in-drafts

    I added for internal dns my domain controller ip and in external dns my isp's dns and google's dns

    http://exchangemaster.wordpress.com/2014/06/10/mails-stuck-in-the-draft-folder

    http://technet.microsoft.com/en-us/library/cc816856(v=ws.10).aspx

    I added my isp's dns and google's dns

    Really grateful for everyone's input, so much appreciated, all pointed me in the right direction and so glad I got it sorted, only taken me a week!!!

    Rob

  • 1:1 NAT working for one but not for another

    4
    0 Votes
    4 Posts
    825 Views
    C

    .194 works because it's your WAN IP, hence already answering ARP. Packet capture on WAN, filter on the IP that's not working, what's that look like?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.