@tdickson: I would love to use this feature to get around - or mitigate PPTP issues. fricken seems to have hit a wall (either that or I can't figure it out)  and I have 90 public IP's I would love to randomize to help with PPTP connections… You said you can set it up non-GUI?  I've been searching around, and this post (with no answer) is about as accurate as I can come by. Any pointers are more than welcome. have you managed to get this to work? I'm looking into doing the same thing…

Yes. Search the forum for Advanced outbount NAT. EDIT: sorry i just realized that LAN per default gets NATed to all Interfaces. You shouldnt have to create any AoN rules. It should just work.

I am still getting this problem, I don't know if anyone can help…

Thats very enlightening, it looks like that should do the trick, but it doesn't want to cooperate. I also tried static DNS mapping while I was at it and if I tried pinging the host in question, it would show the ip address I mapped statically, but the ping would time out. This made me wonder if I had a firewall rule stopping traffic from flowing, but I tried a basic config with all interfaces allowed to pass all traffic to  all other interfaces (all wildcards), but still nothing. For now I'm content to use the local ip of the server when on the LAN, it's not that big a deal to have to remember. Thanks for the help though!

Ah, including SSH in the search term was showing other irrelevant postings.  Thanks for pointing me to those. To summarize for people who run into the same search pitfall: If you are running 1.2RC3 or later, adding the following tag to the <system>tag within config.xml will increase the timeout: <reflectiontimeout>3600</reflectiontimeout> where 3600 is the number of seconds worth of timeout. James</system>

I got it to work finally! Yihaa! Thanks for the hints and guidance sir!  ;D ;D ;D Hmmm, I encountered something really annoying, when the alias and the rule are enabled I noticed that internet browsing is painfully slow including other normal internet related applications, I uninstalled squid and its still the same problem. When I disabled the rule the browsing speed returned to normal.

@heiko: Here are some infomations… http://doc.pfsense.org/index.php/Static_Port

Read the PPTP limitations on the Features page on www.pfsense.org. It's being worked on in 1.3 right now, it looks like you will be able to connect multiple machines to the same external PPTP server by the time 1.3 is final. For now you can't, you can with other VPN protocols like IPsec, OpenVPN, L2TP, etc.

i´m sorry i dont understand what you meen, maby it´s just me but could you clarify what you want? /f

You add it manually to the config.xml

Actually, you didn't read the information suggested. From Wikipedia: A reason cited for rejecting this request relates to the lack of a published standards specification for CARP. The OpenBSD implementation is the closest thing to a formal specification of the protocol. Here is some additional information, if you are interested: http://www.packetmischief.ca/openbsd/doc/carp.html

Sorry, this is mirroring issue. If you hit 2.2.2.201:25 from any vlan interface then you will have source IP 1.1.1.4 in the packet received at 1.1.1.85.

Well..ye the HLDS-server is installed on the pfsense-box.. still the same? (that you wrote).. EDIT: Solved.. Thanks GruensFroeschli :wub: .. Just create a rule like this.. http://static.pici.se/pictures/kaPSpngbE.png (Firewall > Rules)

You have some duplicate entries. Is there any reason for this? I see that you use NAT forwardings from multiple WAN IP's. You did set up VIP's for this, didn't you?

Hey people by the way: if u wanna make ur gameserver behind NAT appear in the masterlist: Pfsense should be ur one-and-only friend. To set it right, u must enable in Firewall –> NAT --> Outbound "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" Look Attached Images for closer Instruction :) The port must be ur gameserver Port, thats allredy forwarded to be reachable from the internet... this issue is needed for quake3 and counter strike / css for sure. others i didnt test... ah btw some idea for future Features in Pfsense... Can we have a field where u can enter port range? [image: outbound_NAT_port_mapping.png] [image: outbound_NAT_port_mapping.png_thumb] [image: outbound_NAT_port_mapping_details.png] [image: outbound_NAT_port_mapping_details.png_thumb]