Well changing the FTP helper status on or off will alter pftpx from running.  I'll check into the bogons piece.

http://forum.pfsense.org/index.php?topic=104.0

Did you create firewallrules to allow the incoming traffic? Only 1:1 NAT is not automatically passing all traffic (which would be a bad idea anyway).

Let's say one of your IPs is a webserver for example you need a pass rule like this:

protocol tcp
source IP any
sourceport any
destination IP <lan-ip of="" mailserver="">(NAT comes first, then firewallrules are applied so you have to use the internal IP as destination)
destinationport http (80)</lan-ip>

Not likely, we are not adding features.  We are only adding a new option when it corrects a bug.  Unfortunately this is not a bug and you can control it more tightly with firewall rules.

Help with docs is always appreciated. Good luck.

http://doc.pfsense.org

Add the rules to allow ftp to talk to localhost.

@josmo:

Ok here's the deal and it's got me very confused (By the way great job on this PFsense team so far this is great).

My Config.

LAN IP 192.161.10.1 with DCHP enabled
WAN 70.89.221.233 / 8
wan gateway 70.89.221.238

now from internally I can view and ping most sites.  But There are a few I can't like.  stumbleupon.com (70.85.3.132) and suvault.com (70.84.208.122)
I know this is an issue with pfsense or the way I have it set up because when I plug in the old linksys with the same wan ip and lan ip it goes to these sites just fine and I can ping them.  Anyone have any clue why this is going on?????

Thanks,

This looks like a Comcast business connection.  I guarantee that WAN is supposed to be /29.  I'm in the same 70.0.0.0/8 CIDR block (on two seperate connections) and /8 is NOT the correct netmask for machines attached to it.

–Bill

OK … its working now in PREBETA2 ... so it should be working in the upcome release (whenever that will be)

Thanks guys!!!

exactly.

Fair enough.  Thanks for all of your help Hoba.

Cool thanks.

thanks, for the fast reply hoba,  exactly what i thought it did,  and gladly not important at all for me since it doesn't seem to work without disrupting that port on the lan interface  ;)

nat reflection should only take effect for packets that are destined to the wan interface right ?

additionally,  if nat reflection was forwarding those packets to my web server, i would have gotten the page that is hosted on it…

let me know if there is anything i can do as well to help with this.

@sirocco:

I tried, but in 0.94.12 it doesn't work.

I have three interfaces WAN, LAN, OPT - port forward on LAN to proxy on LAN not work, the IF field on screen is empty.
Any ideas?

Proxy is connected to LAN and to OPT1 to avoid loop with port forward.

There is a known problem with this feature.  I still need to fix it.

@deadlygopher:

What is the maximimum range you can specify for a single port forwarding rule?

1-65534

Thanks Billm :)