First off, let me change my subject line for this post to "NAT port forwarding stupidity from no common sense BOOB".

Cry Havok patiently asked me what the default gateway was for 192.168.XX.10.

The answer?  THE WRONG ONE.  It was set for 192.168.XX.1!!!  Upon changing it to 192.168.XX.2 (the LAN for my pfsense box), everything worked just like it's supposed to.

I should be embarrassed (and I am).  ::)

Thanks to all who replied, especially Cry Havok, who helped me trip over the obvious!  It's always the little things…

sorry i forgot to add those details

i am using
1.0.1
built on Sun Oct 29 01:07:16 UTC 2006

and it runs on a dedicated x86 pc with 3.2ghz and 1gb ram.

It worked, thanks :)

We did, but it wasn't the transparent change we'd hoped for. It broke IPsec, so it was pulled. It's too late in the release cycle to mess with it. 1.2 will not support NAT-T, though it may be added as a package maybe by the end of the year. 1.3 will support it.

Getting from the inside. No luck :/ :/ why redirect goes to 127.. ??

tcp 127.0.0.1:19004 <- 87.205.173.90:3000 <- 10.0.209.55:1797 FIN_WAIT_2:FIN_WAIT_2

tcp 127.0.0.1:19004 <- 87.205.173.90:3000 <- 10.0.209.55:1800 FIN_WAIT_2:FIN_WAIT_2

Getting from the outside (everything OK - ShieldsUP test) Redirection OK.

tcp 10.0.209.5:3000 <- 87.205.173.90:3000 <- 4.79.142.206:40384 SYN_SENT:ESTABLISHED

I have Nat Reflection Unchecked. Does not work with checked either :(
Before updating to 1.2rc2 It worked without unchecking that option.

I set it up that i only have the ports unscrambled that i need unscrambled.
For that let the default scrambling rule be and create above the default rule a rule for your single port you want to have unscrambled.
rules are processed from top to down and if one rule catches the rest is no longer considered.

Do you mean it does not scramble them when you NAT them to be accessed from the outside?
This is a different matter. This is about OUTBOUND NAT. All ports on outgoing connections get scrambled (even Bittorrent, look at the state tables while you are downloading).
But some Programms get their destination to send the reply to, from the source port out of the header of the packets they recieve (with the correct scrambled port) and thus work.

You dont have an AON rule for your global scope.
I dont think that you can route out the WAN without NAT.

Thanks :)

It's works here too :p

Thanks tlsail for your screenshots :)

OK,

I think I got it!  Through setting my outbound advanced NAT mappings for each interface with a rule of source any, * * *, etc.. and enabling the filtering bridge in the advanced setup, it all worked!  Granted, traffic seems to be flowing through my LAN interface rather than WAN, but I can sort that out later (this is on a test network with a software router on my mac so… ;) ).  So thanks!!!

NickZ

P.S. I've attached a screen-shot of my routes-table here.

routes.png
routes.png_thumb

Well I took your advice and verified that I was told to use the wrong IP for my gateway.  I'm still trying to wrap my head around the fact that my Linksys running dd-wrt worked regardless of the improper settings.

I don't know exactly why but everything is ok:)

Now I can ping the OPT1 interface from the laptop and the nat working too.

I think a reboot needed. First I didn't reboot the pFsense. But when I turn on the pFsense the existing config everithing is works fine!

Thanks your help!

Thx. for info.

The connection on the external is a 100mb cable modem connection from Shaw Bigpipe.  I have changed the IP's so they dont reflect my ip's.  Basicaly I have the Bigpipe modem going into the pfsense external interface and the secondary pfsense interface going into a hardware router.  The hardware router will be configured with the 69.244.194.146 address.  I need to be able to ping this from the outside world going through the pfsense router.

it worked

;D ;D :D :D

wtf O_o
i tried the exact same thing but didnt get it to work.
i've read some stuff about you cannot bridge WLAN because multiple MAC's on the same device in a WLAN lead to discarded frames.

maybe i should try once more :)
did you find somewhere a howto?
i have the regedit-changes i need to do.
possible that i did something completly wrong >_>

pfSense does not provide NAT-T support.
but you can use the Cisco VPN client through pfSense and it should work without a problem.
(at least i never had any problems with cisco vpn client)