Hi

Don't put PFS as send connector.PFS is not mentioned to relay emails.
Instead use DNS for direct delivery or use your ISP smtp server as a smart host.

I agree with chpalmer,
I use virtual hosts on my web server and runs great, and is easy to setup :)

Well, I think the CPU could be a bit better for VPN but it's the upload speed, it's not the fastest connection available. But the other software I used worked fine to stream the video over the internet, but that server is getting slow to convert and now I found something that works better but can't get it to connect :(

ahh sorry bout that, lol. K well I restarted my modem, no change. Restarted my Pfsense box and I can get to my local service using my wan IP again. Though, I could always get to PFSense Webgui / SSH, but they don't require nat

found the solution.

I set the NAT outbound mode from automatic to manual.
created a new rule on the WAN interface where the source 10.8.0.0 gets translated to destination 10.40.200.1.

pfSense can't tell the difference between your web server software, sticky works at the connection/state level and would be identical in either case as far as the firewall is concerned.

I am glad that you did a reboot and figured this out. Some times if you setup it up one way and then come back and want to setup it up a different way, a reboot is necessary to clear out the old config from memory and then load up the way that works.

This has been covered in other threads. I do understand that some don't come back and explain, but some find the other threads and thing that others will as well. The problem is that they could link what they find and don't So, if you find this in another thread, please link this tread to that one.

Any way …

You can assign the same IP to multiple MACs (with different hostnames). As long as you don't have them both enabled at the same time, that will work fine.

Great thank you

@nojstevens:

Thanks cmb. I've tried it but I must have a mistake - still get the email from the alarm company that they only see me intermittently. If my IP of my alarm box is 192.168.1.9 then in the source it should be written 192.168.1.9/32 is that correct?

That's correct. Make sure it's the first one in the list, first match wins.

@frater:

Do you mean these rules would have been created by the system if this list was empty?

Yes.

@pfnewbe:

I've the same problem. Currently also with 2.0.1
Do you have it solved already? (and how)
For me also when I do it from my LAN to DMZ doesn't work. Within the DMZ from machine A to B… No problem.

Same problem here with 2.0 and 2.0.1. Clients cannot connect from inside to outside.
Also tried debug.pfftpproxy=1 with no result.
Only first SYN packet is passed.

See here:  Click here

Thanks for your assistance. A rule allowing all IPSEC traffic is in place. Should I be creating a 1:1 NAT?

Would a 1:1 with external of 65.67.163.160, and internal of 172.16.16.194, and a destination of 192.168.80.14 work in this case?

Hello Frank,

I'm sorry I can't help you with your question. Maybe you can help me with passive FTP. I can't get it to work.

FTP passive inbound works and the server returns a message but it can't go out. PFS blocks the returning message. Would you  like to help me, and what should I provide as info

Martin
NL

use IP alias VIP instead maybe? Sounds like you're using proxy ARP, though that should work fine too.

Thanks dotdash - this is exactly what was happening.

Thanks guys for your help.

I managed to NAT port 80 successfully after changing the admin port to a port other than 80 and used SSL on a different port as well.

Thank you for your reply.  I admit I am misunderstanding what's going on.

I'll try to explain this a little better since I think my 1st port was too long and not easy to understand.

(Domain A 192.168.1.1)    Shared to  & VPN Via IPSEC      (Domain B 192.168.2.1)
ext Ip 70.25..                                                        ext ip 50.54..
Citrix & Mail on Domain A

Domain B can't reach Domain A if using the ext IP but can speak using internal IP 192.168.1**

Domain A was only to contact itself using the ext Ip once I selected. "Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks. Note: Reflection for 1:1 NAT might not fully work in certain complex routing scenarios."

This did not work for domain B

"Reflection does not work for IPsec hosts, in most all configurations the public network isn't even sent over the VPN so it's not needed, unless you're routing everything over the VPN"

To my knowledge not everything is routed over the VPN, when users browse they are browsing through their local ISP, When I run speed tests or ip lookup in Domain B their IP is displayed (I'm assuming this would let me know)

Sounds like you may have to have split DNS in that setup

Can you explain this a little further this may be the case but if you can provide me with a little direction I'll understand what to change.

Thank You for the advice.

I think you alread understand my issue but I wanted to make it a little clearer.