I use https, so 443..

Ah, so you only have the one public IP address?

Destination port range: from: (other) 58585 to: (other) 58585 and External port range: from: (other) 6112 to: (other) 6112 Maybe V Destination port range: from: (other) 6112 to: (other) 6112

advanced –> Firewall Optimization Options --> aggressive

Create a new NAT Rule on the LAN Interface, ext. address any, ext. port 80, nat ip [your squid server], local port: [squid servers port] and your done. greetz

Show the output of the routing table on pfSense and give the Pppoe server configuration and an output of ifconfig command.

with an alias you essentially create a group of hosts and bind them to an easy to remember name, say for example:  "FTP friends" and then add all the IP addresses you want to have access to your FTP.  Then when you create your NAT to your ftp, you specify the source as your newly created "FTP friends" alias.  So in the future if one of those ip addresses change, you just have to modify the alias and not the NAT rules, saving a little time.

Thanks for the reply. I did try moving the listening port to something other than 22 and I also tried ssh -p portnumber user@pfsence.box With both of these the session just hangs until it times out. Logging is enabled and, eventually I did see some errors from the correct inbound address: Dec 9 17:04:38 WAN xxx.xx.xxx.xxx:4045 xx.xx.xxx.xx:135 TCP Dec 9 17:04:05 WAN xxx.xx.xxx.xx:22 xx.xx.xxx.xx:64909 The rule that triggered this action is: @61 block drop in log quick all label "Default block all just to be sure." If I can get my rule above this one, I might be in with a chance but I can't see it my list. I am a bit lost. I am not sure if the issue is the ssh command, the pfsense config or a routnig issue. What I do know is that the sshd on the internel host is not being contacted. :-\

i found the solution. i contact the VSAT technicians. So, we try up the topologi. MTU is the PROBLEM !!! so, we have to give the same MTU at the cisco router and so the pfsense, so they can communicate. Previous setting, MTU at pfsense 1500, and the cisco router 512. So, i set the MTU at pfsense 576, and the cisco router 576. The technicians said, it strange. Because in cisco router, it's already been set up that the cisco router will negotiate the MTU if its below it or above it. But when trying communicate with pfsense, the policy seems not working. But, well…it's already been solved now. It's not the NAT problem, policy problem, or anything else. It's the MTU setting. Thanks for all. If anyone can give me how we can negotiate the MTU and communicate with cisco smoothly, please don't hesitate.

O.K. I solved this. Didn't have to split my C/24 afterall! I route it thru but for certain IPs i redirect the traffic with S/DNAT rules to SERV and LAN. This can be achieved with combination of different netmasks for VIPs. So the answer to my top post is YES. :-) Thank you all for your help. :-)

thanks i did it last night, it works again problem's solved!  8)

Fixed. I was using a different range in the NAT rules then what the PPTP clients were being assigned. Oops!

Do you have anything in the firewall log? As a add to this place a rule above with the servers ip as source and tick log. Diagnostics -> Packet Capture can also be helpful. Did you try wget to another server?

This is how NAT works. What you want is source NAT. This came up once and i suggested to enable Advanced outbound NAT, and NAT from the WAN to the LAN. However, i never got feedback if that worked (It was just an idea, i never actually tried that)

Have tried HTTP(S), triple check the gateway and is correct host gateway is going to firewall.

Thanks for the input, I tried it, even tried leaving the destination port blank so that all traffic outbound from that server would be directed out via it's public address. Still doesn't work, as a matter of fact, no internet connections work at all not even inbound. But when I change outbound back to automatic, internet connections work again but I am back to square one with all outbound traffic going out via the wan interface ip and not the server specific public ip's (virtual ip's) I assigned and active sync of course doesn't work then. I am not using 1:1 nat, just some virtual ip's on the wan interface for my public ip addresses and some port forwarding. Very simple configuration that has me stumped lol If I have overlooked something please feel free to correct me, my ego is not a concern at this point in time LMAO Thanks again, Seumas

@cmb: …as NAT reflection in general sucks ... Maybe a dumb question: What would you prefer to use in such a scenario?

It won't work, if you do not disable captive portal on OPT1. If you do, so does NAT.

http://forum.pfsense.org/index.php/topic,7001.0.html Enable NAT reflection