I was able to get this working again by changing from Automatic Outbound NAT to Manual Outbound NAT however something still seems to have changed from versions.

Thanks,
Dave

Yes I mean NAT reflection.

I'm already using pfsense DNS for external (VPN) users wich get a different resolution for the servers.

I just want to understand why it works for all ports but 21. Simple curiosity.

come across this little guide. although it's for a netgear, there's a good network diagram which would work with most setup's in the thread.
basically, the router/modem that is connecting to the adsl still get's a dynamic ip. nat is turned off and the ip address of the lan side of the router is configured with a usable static ip from the range given by the isp. you can then put the vip's in pfsense but use the router lan ip address as the gateway.
pppoa/pppoe is done on the modem/router so the wan side of pfsense can be static.

I need HTTPS for apache on my Centos box for my websites.  At work and at my college we are restricted to 80 and 443.  I have HTTPS set to port 8080, but then I have to rewrite each web service where to forward https requests.  I have not yet done this, instead just tell users to type it in their web browser.  https://taco.mexico.com:8080/ as an example.  But I need 443 for ssh to punch a tunnel into my network for vnc, rdp, winscp, sftp, and other services that I require.  1 or 2 second delay does not sound that bad.  It is for a home office network.  Most likely, I will have very few concurrent connections.

pfsense FAQ e.g. says: "turn off ftp proxy", which solved problem for my application. If you use passive FTP, you should not turn in trouble. I think ftp proxy should be turned on by default, because it causes more trouble than running pfsense w/o ftp proxy.

Yes, I know.
My synthetic list may let think I've not tried, but it isn't.
Static routes are working, because with linux routers everything works fine.
The only change I do, on "internal" systems is modifing default gateway of external interfaces: from linux routers to new pfsense router.
In the pfsense router I've setted no static routes, because the default gateway of system is its WAN gateway.

default 192.168.1.1 UGS 0 87 1500 le0

Also because I've 2 OPTx that has to routes them traffic to WAN if.
If I set something like:

interface OPT1: Destination network: 0.0.0.0/1 -> WAN_GW gateway

what can I set on OPT2?
I cannot set the same Destination network for 2 if and the same gateway…

-> Enabling Fast Routing doesn't change anything.

Let me know if I'm making some mistake...

Hi all.
If someone is interested, I've solved the problem, simply removing the "router only" feature from the advanced setup and modifing the NAT rules in outgoing tab.
Probably, doing all test - contemporaneously - I've not rollbacked any change committed, before to pass to next test.
In every case, with the corrected interfaces of NAT in my table, all outgoing traffic restablished correctly.

Thanks anyway.
Cheers,
T.

Have you got the option to use squid as an FTP proxy on either application?

One of my clients had problems with one of the Adobe CS applications and FTP. Nominating Squid as its proxy worked first time for us but obviously YMMV.

I'd definitely leave the FTP helper on if you've got the option to.

http://faq.pfsense.com

edit: http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F if you cannot find it.

I fixed the problem by reinstalling 1.2.2 and making sure the modem was passing public IPs to the LAN ports instead of private IPs. Double NAT setup was killing a few things. :)

@Ih4t3MS:

… all requests appears to come from the firewall (internal IP). ... returns the internal ip of the firewall....

I am also having a similar issue. Did you achieve a resolution to this problem?

Can you show screenshots your firewall rules and your (outbound and inbound) NAT rules?

I have the same issue here at home. Its a great inconvenience and was wondering if a fix was being worked on. other than that i love PFSense.

OK. Thanks for that. I'll have to plumb the depths of his brain for how to do what I want to do…

There'll be no working with him now... Talk about gloating opportunity ;-)

Go to System: General Setup and enter a number other than 80 for webGUI port (or check HTTPS for WebGUI protocol) and Save, Apply. Port 80 won't forward if pfsense is already listening on it.

Go to Firewall:Virtual IP Address and create entries for 192.168.0.14/31 and 192.168.0.16 Save, Apply. pfsense has to know that your WAN is assuming those IP addresses.

Go to Firewall: NAT: Port Forward and create an entry for WAN any TCP http 172.16.1.174 http Auto-add, Save, Apply. pfsense has to be told to forward your http port and to what internal address.

db

What do you mean you cannot open ports to OPT1?
What are you trying to do and how are you testing this? What doesnt work?
Can you post screenshots of your firewall and NAT rules?

Okay..thanks for clearing that up. Cheers..