• Possible NAT Bug ?

    13
    0 Votes
    13 Posts
    2k Views
    johnpozJ

    You do understand that setting it on that wifi interface means all traffic that is not to the internet, where your low MTU is, is now at that lower MTU. So you're setting all your devices on your network to use an MTU of 1492 because your internet connection has some overhead on it? Why don't you just let the router do what it's supposed to do and fragment the packets?

    PMTUD should, to be honest, handle issues to upstream MTU size, and if you have an issue on your internet connection with lower than 1500 MTU you can just use the MSS clamping feature, vs altering the MTU to lower than 1500 on every device on your network…

  • NAT & uPnP Bug or Intended?

    1
    0 Votes
    1 Posts
    855 Views
    No one has replied
  • New To Port Forwarding

    6
    0 Votes
    6 Posts
    2k Views
    KOMK

    …attempted to configure the Split DNS method as documented, but it didn't work for me.

    I'm sure we can get it working.  As Derelict said, start a new thread and post all the relevant details you can regarding your DNS configuration as well as the client DNS settings you're testing from.

  • 2.2.5 tftp proxy broken

    5
    0 Votes
    5 Posts
    2k Views
    D

    Yeah indeed the package and the proxy are two completely different things.

  • My connection requires a unique MAC for each static IP. What do?

    11
    0 Votes
    11 Posts
    4k Views
    awebsterA

    Maybe get a tunnel with static IPs on it instead?

    You could look around for an IPv4 tunnel broker in any country you choose and set up a tunnel with them.  You stay on dynamic IP, your fixed addresses are routed to you.

    Set up an AWS micro instance, run pfSense in it and set up an OpenVPN link from AWS with fixed IP to your dynamic IP.

  • Port forwarding issue

    16
    0 Votes
    16 Posts
    4k Views
    B

    I tested from an outside machine but failed.

    Nonetheless, I redid everything but no port forwarding rules and I can access an internal web server!

    The only problem is I get the error here when changing the default port for the reverse proxy:

    https://forum.pfsense.org/index.php?topic=87280.0

    So my internal web server is running on port 8082. testsite.domain.com redirects to the pfsense homepage but testsite.domain.com:8082 goes to the web server.

    Can I make testsite.domain.com go to testsite.domain.com without the port number showing?

  • NAT reflection for DMZ

    19
    0 Votes
    19 Posts
    4k Views
    johnpozJ

    You don't see a problem with using the same name for multiple machines??  Really??

    If you cannot run a reverse proxy, and you're limited to 1 public IP, then still use FQDN to point to the machine on the outside.

    So you have hosta.example.com point to 1.2.3.4 on outside, hostb.example.com point to 1.2.3.4 on outside

    If you want to run the same services on these that use the same port, with your limitation of 1 public IP, then yes you can use different ports, so

    hosta.example.com:portA  hostb.example.com:portB  on the outside those point to your 1.2.3.4 address

    On the inside
    hosta.example.com points to privateAddressA and hostb points to privateAddressB, etc.  Problem solved: users on outside can use the same URL http://hosta.example.com:port as the users on the inside.  Just with split DNS, users on outside resolve to your public and your forward forwards to correct private via the port being used.  On the inside the URI points directly to the machine in use.  And does not have to reflect off anything.

    No matter what if your private side server changes IPs you would have to change the port forward anyway.

    You're trying to leverage a workaround of only having 1 public IP by using different ports to get to your multiple private IPs…  When in a real setup you would have different public IPs for your multiple services you wanted to run on the outside that used the same port.

  • Accessing pfSense and multiple VMs running https on port 443

    5
    0 Votes
    5 Posts
    1k Views
    johnpozJ

    So you're running all your VMs on the vmkern network (mgmt LAN)??  The iDRAC is its own physical interface, is it not?

  • [SOLVED] NAT reflection fail, logs posted, PURE NAT enabled

    2
    0 Votes
    2 Posts
    1k Views
    S

    For some reason, when I created traffic shaping, it included a firewall rule for the ports which prevented access. I de-linked the firewall rules and it started working again.

  • Windows IPSEC server behind pfSense

    6
    0 Votes
    6 Posts
    1k Views
    KOMK

    Wow…"management" doesn't understand...

    NO WAY!!!!!!!!

  • Dual Wan 1:1 NAT issue.

    1
    0 Votes
    1 Posts
    640 Views
    No one has replied
  • Sip Audio?

    7
    0 Votes
    7 Posts
    2k Views
    K

    Just want to update for anyone else having this issue: so far, now I get one-sided audio, while before I would get none.

    I have been reading a few other sites and been troubleshooting. I re-changed my trunk settings and my extensions.

    But now I got this, so I think I'm making progress; see pictures.

    Grandstream (LAN IP) voice to Zoiper (3G) --- one-way audio

    but on Zoiper (3G) to Grandstream (LAN) --- no audio

    But I guess, how come before I would get no audio, but now I'm getting: on the Grandstream phone (LAN) they cannot hear what the person is saying on the Zoiper (3G), but when talking from the Grandstream (LAN) you can hear on the Zoiper (3G).

    Any Asterisk guru? It's probably the wrong place to get help  :-\

    Thank you


  • 0 Votes
    3 Posts
    14k Views
    Z

    Revised, corrected guide for adding 1:1 NAT on a standard connection

    I have a standard business cable (coaxial) connection with 5 static IPs in the same subnet.  Let's call them WAN_IP1 - WAN_IP5.  The modem is in bridge mode.

    I have already set up the WAN connection on an interface of my pfSense box to use WAN_IP1 and it works fine.

    Now I want a 1:1 NAT on the same interface, pointing to Internal Address: 192.168.1.20.

    ============================================================================

    Steps:

    1. Firewall -> Virtual IP

    ADD NEW
    Options:

    Type: Proxy ARP
    Interface: The same interface of my modem
    IP Address: The Public Static IP address I want for the 1:1 NAT, in this case WAN_IP2
    Subnet Mask: /32 for single address

    2. Firewall -> NAT -> 1:1

    ADD NEW
    Options:

    Interface: The same interface of my cable modem
    External Subnet IP: The Public Static IP address I want for the 1:1 NAT, in this case WAN_IP2
    Internal IP: Single Host : The Internal Address: 192.168.1.20

    3. Firewall -> Rules -> The same interface of my cable modem

    ADD NEW
    Options:

    Action: Pass
    Interface: The same interface of my cable modem
    Protocol: Any
    Destination: Single Host or Alias: The Internal IP Address: 192.168.1.20

    ===========================================================================

  • Disabling NAT on routers connected to pfSense PPPoE

    1
    0 Votes
    1 Posts
    985 Views
    No one has replied
  • NAT from WAN to a IP in outbound

    4
    0 Votes
    4 Posts
    1k Views
    KOMK

    OK I understand now and my previous advice still applies.  It should be one NAT rule (port forward) to expose the server on VPN to WAN, and one firewall rule to allow the traffic to flow.  That's it.

  • PFSense in Virtualbox

    2
    0 Votes
    2 Posts
    883 Views
    KOMK

    No pfSense config required if I understand you.  The client on the same internal segment as pfSense NIC just needs to use the pfSense LAN IP address as its gateway.  I'm not sure how WAN being bridged or NATed makes any difference to the client on the LAN.

  • Using custom incoming port for VNC routing

    17
    0 Votes
    17 Posts
    3k Views
    T

    Pop over to this thread to continue the VPN discussion:

    https://forum.pfsense.org/index.php?topic=102977.0

  • *HELP* NAT Issue 1:1 and Port Forward dual WAN

    3
    0 Votes
    3 Posts
    924 Views
    D

    I got FTP to work by setting the passive port range on the FTP server, then opening those ports with a NAT rule to 192.168.0.xx9 for the ports I opened.

    Seems to be working in Chrome; in IE I had to turn off passive mode on a remote client to make it work. That seems odd since it worked in Chrome but not IE until I turned that off, and my understanding is that forces it to 20-21 anyway and those were already open.

  • 1:1 NAT mapping and routing

    10
    0 Votes
    10 Posts
    2k Views
    V

    You can enable NAT reflection in "System: Advanced: Firewall and NAT" or also per rule.
    There is no need to recreate rules. The rules added by NAT reflection are invisible.

  • 0 Votes
    1 Posts
    830 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.