Proxy is for http protocol. Squid can proxy http,FTP,https but cannot proxy ssh for example. Redirect all ports to squid will not work. You have to find a proxy for each protocol you want to use and https can't be transparent for many reasons.

You don't need anything that CPU or space/memory intensive to accomplish what you are trying to do. IMO NAT reflection or Split DNS should suffice.

All three networks are on the LAN? If so, then it is just a routing issue. Did you want those different subnets to have internet access? if so, then you are going to have to use Advanced outbound NAT and create a rule for each LAN subnet.

Thank You to all that have made constructive suggestions. I still cannot get RDP to work remotely to Windows 7 pro workstations. This is the procedure I do on the pfSense-1.2.3-RELEASE  box,,from a Windows XP Pro machine setup that works fine. 1. In the NAT configuration page a simply change the internal ip address to one of the Windows 7 pro workstation ip addresses, Save and Apply. ( the carp / public ip address i leave the same) 2. I then go to the firewall setting,>WAN tab( the rule that is auto-generated by the RDP NAT rule), and change the internal ip address to reflect the Windows 7 pro machine,Save and Apply. When trying RDP from a remote machine the Windows 7 pro machine session, blinks just for a second and disappears. I have tried this on three different freshly imaged Windows 7 Pro machines, FYI. I do have  the "Allow remote desktop from any version of RDP client machine" is in fact selected. I have the Windows Firewall on the Windows 7 Pro machine disabled on all three possibilities here. The Windows Firewall is totally disabled in other words. Also,I can in fact remote desktop to the Windows 7 Pro machine fine within or lan,so it does appear something is not getting two way communcation between our lan and the Nat'ted ip address. As soon as I change the internal ip address to one of our Windows XP Pro machines the very same Nat'ted connection will work fine remotely. Thanks, Barry

Please post a screenshot of your WAN firewall and port forwarding rules.

Please post your WAN firewall and NAT rules

The output of "pfctl -sn" and "pfctl -sr" are identical for the two boxes, so the rules are being created correctly. I've tried a packet capture on the system that isn't working and this is what I get with Full detail.  Unfortunately, I've no idea what it all means.  IP addresses have been censored but otherwise the data is unmodified.  Traffic is from tcping on the port in question (ms-sql-s) but I tried a different port forward (https) and that isn't working either. 09:56:25.709841 00:21:62:94:fe:00 > 00:90:0b:11:57:2e, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 114, id 30438, offset 0, flags [DF], proto TCP (6), length 52)     50.19.www.xxx.62525 > 208.176.yyy.zzz.1433: Flags [s], cksum 0xb5c6 (correct), seq 410772004, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 09:56:27.718749 00:21:62:94:fe:00 > 00:90:0b:11:57:2e, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 113, id 30647, offset 0, flags [DF], proto TCP (6), length 52)     50.19.www.xxx.62526 > 208.176.yyy.zzz.1433: Flags [s], cksum 0x6be1 (correct), seq 3962460245, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 09:56:28.706720 00:21:62:94:fe:00 > 00:90:0b:11:57:2e, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 114, id 30650, offset 0, flags [DF], proto TCP (6), length 52)     50.19.www.xxx.62525 > 208.176.yyy.zzz.1433: Flags [s], cksum 0xb5c6 (correct), seq 410772004, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 09:56:29.726159 00:21:62:94:fe:00 > 00:90:0b:11:57:2e, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 113, id 30651, offset 0, flags [DF], proto TCP (6), length 52)     50.19.www.xxx.62527 > 208.176.yyy.zzz.1433: Flags [s], cksum 0xe7e1 (correct), seq 2554933305, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 09:56:30.716128 00:21:62:94:fe:00 > 00:90:0b:11:57:2e, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 113, id 30654, offset 0, flags [DF], proto TCP (6), length 52)     50.19.www.xxx.62526 > 208.176.yyy.zzz.1433: Flags [s], cksum 0x6be1 (correct), seq 3962460245, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 09:56:31.736067 00:21:62:94:fe:00 > 00:90:0b:11:57:2e, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 113, id 30657, offset 0, flags [DF], proto TCP (6), length 52)     50.19.www.xxx.62528 > 208.176.yyy.zzz.1433: Flags [s], cksum 0x9363 (correct), seq 3848746904, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 09:56:32.727035 00:21:62:94:fe:00 > 00:90:0b:11:57:2e, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 113, id 30662, offset 0, flags [DF], proto TCP (6), length 52)     50.19.www.xxx.62527 > 208.176.yyy.zzz.1433: Flags [s], cksum 0xe7e1 (correct), seq 2554933305, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0[/s][/s][/s][/s][/s][/s][/s]

Sorry, I use neither. Try asking the question in the Packages sub-forum.

Thank you very much for your help. I have created a test rule based on instructions found in Docs, and it works OK, it just required a reboot of the Alix to work. I will post back if any other problem occur. Best Kostas

please help me to access my PublicIP with my upnp port from lan

Hi, thanks for your answer.. i have one interface where my WAN is connected. What i did to make it work was that i added the public ip address as a virtual IP on the WAN interface. After that i added a 1:1 nat where the external ip was the public (ofc :-)) and the internal was the internal ip of the box i had on the inside. When that was done, i added a firewall rule to allow everything to the internal ip. That works…

OMG - I'm such an idiot. I'm not sure why the default rules didn't work for me, but I figured out what my problem was. I looked at another pfsense install's default NAT rules and realized that the default outbound NAT rule for LAN to WAN is applied to the WAN interface…. (just like the hint says - Duh.) Anyway, I switched the rule from LAN to WAN... and it works exactly as I expect it would. Honestly, just explaining the problem on the forum helped me understand the problem enough to reach a solution on my own.  Thanks for just giving me a place to figure this out.. lol. I love pfSense. :) -Kevin

Hi Jannus, I think I'm having the same problem as you.  See -> http://forum.pfsense.org/index.php/topic,41743.0.html Did you ever get this issue resolved?  If so, what worked for you? Thanks! Kevin

Yep, I've got a gateway set on my LAN interface and on my MNG interface (management vlan interface). Well, I wonder how this could have worked without breaking anything. I have removed both the default GWs leaving only one interface-bound GW on the WAN. Thanks for help! Peter

You cannot transparently proxy https.

You can put a hostname in, and from memory (a search of the forum will tell you more) it is resolved every so often to see if it has changed. It may be simpler to use a VPN.

@tommyboy180: Pro Tip: If you create a NAT entry first a firewall entry will be created automatically for you by default. The pfsense GUI has a small learning curve. Most firewall distros don't have a separate NAT entry GUI than the firewall GUI. This only works for port forward NAT rules. With 1:1 NAT you still have to create the rules.

Thanks all, the release version 2.0 has solved my problems…. =)