Sounds like a pretty standard port forward setup - look at the NAT menu.

There is a pfSense package available for NTOP (system, packages). Have you verified DNS resolution from the firewall? Do you have the ftp helper enabled on the LAN interface?

Thank Everyone , solve it , like dotdash said it all automatically nat only me do some careless mistake.
shreckbull thank for the info

i think the gui only checks when you have 2 rules of tcp or 2 of udp or 2 of tcp/udp but not a mix

but its not a problem the first rule wins the other is never seen

Everything except DNS is TCP, not TCP/UDP, so I would change your rules for SMTP/POP, etc to use only TCP. Then it should work with NAT refection on. I would think a better solution would be to use Internal DNS servers with the private numbers, or do split DNS.

As long as the client is configured properly for the custom port as well, shouldn't be a problem (doing the same thing on my setup).  Are you sure you have the correct ports forwarded for passive mode as well?  Is the ftp helper enabled?

@SecureMe:

…via a manually entered "Static Route" in pfSense...

So Chris - have I made it more confusing?

Oh boy, I was busy recently. Didn't realize that I was that far off the track…
Of course, a static route in pfSense makes perfectly sense and is the missing brick I was looking for.

Thanks Jason for your rather long explanation! Even I got it now.

I shut up now and and have some sleep...  :-X

@bgbearcatfan:

Sorry, i don't understand the wording of your question.

OK sorry  :'(
"why one should all the firewall rules" i forgat the word delete. so it should say "why one should delete all the firewall rules". I thought that was not nessesary. And indeed it was'nt. I didn't have the forwarding rule for the passive ports  :-. Everything works fine now.
Thanks for the help.
Rgds,
Hellsblade

I had the same issue while trying to receive incoming calls from my sip provider to my asterisk server which is nat'ed behind a pfsense box.

What resolved my issue was setting up my asterisk server to refresh it's connection to my sip provider every 10 sec in sip_nat.conf. "externrefresh=10" thus avoiding the expiration of the udp session which occurs every 30 to 60 seconds.

I think the same thing can be done with an ATA or VoIP telephone, by setting "Nat keep alive = yes" and "Use DNS SRV = yes"

Hope i was helpful.

@cmb:

http://wiki.pfsense.com/wikka.php?wakka=StaticPort

perfect post that solved my problems.

Thanks for all the info guys.

@sullrich:

I have some serious reservations about folks running 1.0.1.  1.2 even in beta stage has thousands of fixes not included in 1.0.1.

Right, but remember that it is still beta and some folks aren't keen on using that. The latest stable release for now is 1.0.1 so I would guess lots of folks (still) using it. However, this will change with the release of 1.2 stable.

The beginning of this thread showed that it would be helpful to have something like a 'big picture' of pfSense.
What, where and in which order would be great! Recently you suggested a nice Web drawing tool…
What do you think?

Chris

Really?
Thanks, I'm going to upgrade!

advanced outbound nat?

Search the forum for static port.

Search the forum for "static-port".

Assuming you put a NIC in the existing firewall and address it 10.10.1.254/21, connect it the new network. You would then go to system, static routes on the second box and add a route to 192.168.0.0/21 gateway 10.10.1.254. Then make sure firewall rules on both sides allow the traffic.

I'm interested in this too, I got two IP address, but the only way I can grab them is to use DHCP to grab them, so it would be great if there was a solution to this, at the moment I'm thinking of having two "Wan" port on the machine one to grab the first IP, then second one to grab the second IP, then do NAT on it.