• All external attempts to SSH or SFTP yield "connection refused"

    0 Votes
    6 Posts
    486 Views
    P
    First, thanks for the reads and comments. It seems that, upon seeing my WAN Address as 172 and not my IP that something was fishy with the modem. Either ATT or a power cycle reset the modem to block traffic and not pass it all to PFSense. I changed that setting, and we are back in action. I'm sorry to have wasted your time on this, as I assumed my settings on the modem were unchanged.
  • Check 1 to 1 Nat public ip, returned internal ip address

    0 Votes
    1 Posts
    172 Views
    No one has replied
  • 0 Votes
    3 Posts
    343 Views
    A
    Hi @netblues, thanks for your response. I agree it would be much easier if I connected to the VPS PFS from the VLANed VM. But the thing is I want to know how to make this using PFS. So let's start with some questions, as I might have gaps of knowledge: Peer-to-Peer (Site-to-Site) OVPN connections: are they bidirectional? If I wanted to NAT Port Forward to this Interface which 'Redirect target IP' should I use? thanks
  • FTP not working

    0 Votes
    6 Posts
    523 Views
    Raffi_R
    @Napsterbater said in FTP not working: @anakaoka I have LONG LONG abandoned IIS FTP. I have used Filezilla FTP Server for quite a while. Though it has no capability to use AD/LDAP for user auth. But it does support Implicit and Explicit TLS for FTP, Passive and Active FTP and IPv6. For Passive FTP, just configure a range of Ports and forward those to the server, and configure the External IP in the Server settings. Second this ^ Filezilla was my solution for a while also. It worked great and did exactly this with a range of passive FTP ports. Eventually ditched that Windows system and created a FreeNAS server with secure FTP access similar to the Filezilla. FreeNAS is pretty awesome stuff.
  • NAT subnet from BGP route

    0 Votes
    3 Posts
    350 Views
    E
    I ended up re-designing how the neighbors interacted and eliminated the need for another set of routes from a second AS. I think one of the IP pools was in conflict, that's no longer the case :)
  • NOT DOES NOT WORKING PARA PORTAL HTTPS

    0 Votes
    1 Posts
    138 Views
    No one has replied
  • NAT / Port forward to IPsec tunnel

    0 Votes
    1 Posts
    209 Views
    No one has replied
  • Are the Autocreated ISAKMP rules needed?

    0 Votes
    10 Posts
    8k Views
    jimpJ
    @powerextreme said in Are the Autocreated ISAKMP rules needed?: Also, why is the loopback address using ISAKMP? It normally isn't, but it's included in the networks for automatic outbound NAT rules, and each entry in that list gets the udp/500 static port rule.
  • Port forwarding from Virtual IP

    0 Votes
    3 Posts
    395 Views
    T
    That's what I needed. Thanks.
  • 0 Votes
    1 Posts
    221 Views
    No one has replied
  • 0 Votes
    7 Posts
    581 Views
    A
    @netblues said in Multiple virtual IPs, one WAN -- outbound round robin use of IPs possible?: @Airwave and consider random with stickiness since changing ip's between https requests tend to break things badly. Okay, great thank you. I'll test these options :-)
  • Hairpin nat for a test environment

    0 Votes
    1 Posts
    239 Views
    No one has replied
  • 0 Votes
    3 Posts
    344 Views
    SipriusPTS
    So, after some CSI I noticed that inbound packages were reaching the target machine; the problem was that Firewall B didn't know where to send back the response, so I added a new rule in NAT Outbound for this particular device, and it worked like a charm: [image] NOTE: Firewall B doesn't use Firewall A gateway, it's a "hybrid" VPN.
  • Upnp Port Forwarding question

    0 Votes
    1 Posts
    274 Views
    No one has replied
  • Simple internal NAT - Can't port forward on internal LAN

    0 Votes
    9 Posts
    689 Views
    johnpozJ
    @bgillette said in Simple internal NAT - Can't port forward on internal LAN: well i had my NAS admin exposed so i could access it remotely Would never in a million years expose NAS admin to the public internet. If you cannot lock down the forward to a known source IP, say your work, or where you remotely admin from, then VPN in to do your remote administration.
  • NAT Reflection Two WAN's

    0 Votes
    2 Posts
    392 Views
    H
    Perhaps use proper DNS instead?
  • NAT rule enabled on another interface than specified

    0 Votes
    10 Posts
    577 Views
    johnpozJ
    Hmmm, what was system default set to? Mine is disabled - but it defaults to what, pure nat or nat+proxy? I really don't see how that would have come into play on a different interface. Can try and duplicate it - what setting did you have in system, and can set mine to that and then look at the exact rules being created.
  • Access Back-haul Radios

    0 Votes
    37 Posts
    26k Views
    O
    @hotshottech said in Access Back-haul Radios: I got it going... here are the rules that got me there. Thanks guys for all the help... see attached [image: Post2.png] [image: post3.png] Hi! I also have the same problem... ISP Router Modem (DHCP) 192.168.2.1-RADIO(192.168.30.X)-RADIO(192.168.30.Y)-PFSENSE(192.168.2.1) sadly, can't see the attached files...
  • Forward fragmented UDP (SIP) traffic

    0 Votes
    2 Posts
    189 Views
    mike1818
    @mike1818 (Replying to my own post) There is a problem with the PABX. Retried it and saw outgoing traffic from the pfSense to the PABX which is acting like there is no traffic. Sorry for bothering.
  • Private WAN IP

    0 Votes
    5 Posts
    466 Views
    S
    Thanks, I'll write tomorrow as I check it out.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.