Getting from the inside. No luck :/ :/ why redirect goes to 127.. ?? tcp 127.0.0.1:19004 <- 87.205.173.90:3000 <- 10.0.209.55:1797 FIN_WAIT_2:FIN_WAIT_2 tcp 127.0.0.1:19004 <- 87.205.173.90:3000 <- 10.0.209.55:1800 FIN_WAIT_2:FIN_WAIT_2 Getting from the outside (everything OK - ShieldsUP test) Redirection OK. tcp 10.0.209.5:3000 <- 87.205.173.90:3000 <- 4.79.142.206:40384 SYN_SENT:ESTABLISHED I have Nat Reflection Unchecked. Does not work with checked either :( Before updating to 1.2rc2 It worked without unchecking that option.

I set it up that i only have the ports unscrambled that i need unscrambled. For that let the default scrambling rule be and create above the default rule a rule for your single port you want to have unscrambled. rules are processed from top to down and if one rule catches the rest is no longer considered. Do you mean it does not scramble them when you NAT them to be accessed from the outside? This is a different matter. This is about OUTBOUND NAT. All ports on outgoing connections get scrambled (even Bittorrent, look at the state tables while you are downloading). But some Programms get their destination to send the reply to, from the source port out of the header of the packets they recieve (with the correct scrambled port) and thus work.

You dont have an AON rule for your global scope. I dont think that you can route out the WAN without NAT.

Thanks :) It's works here too :p Thanks tlsail for your screenshots :)

OK, I think I got it!  Through setting my outbound advanced NAT mappings for each interface with a rule of source any, * * *, etc.. and enabling the filtering bridge in the advanced setup, it all worked!  Granted, traffic seems to be flowing through my LAN interface rather than WAN, but I can sort that out later (this is on a test network with a software router on my mac so… ;) ).  So thanks!!! NickZ P.S. I've attached a screen-shot of my routes-table here. [image: routes.png] [image: routes.png_thumb]

Well I took your advice and verified that I was told to use the wrong IP for my gateway.  I'm still trying to wrap my head around the fact that my Linksys running dd-wrt worked regardless of the improper settings.

I don't know exactly why but everything is ok:) Now I can ping the OPT1 interface from the laptop and the nat working too. I think a reboot needed. First I didn't reboot the pFsense. But when I turn on the pFsense the existing config everithing is works fine! Thanks your help!

Thx. for info.

The connection on the external is a 100mb cable modem connection from Shaw Bigpipe.  I have changed the IP's so they dont reflect my ip's.  Basicaly I have the Bigpipe modem going into the pfsense external interface and the secondary pfsense interface going into a hardware router.  The hardware router will be configured with the 69.244.194.146 address.  I need to be able to ping this from the outside world going through the pfsense router.

it worked ;D ;D :D :D

wtf O_o i tried the exact same thing but didnt get it to work. i've read some stuff about you cannot bridge WLAN because multiple MAC's on the same device in a WLAN lead to discarded frames. maybe i should try once more :) did you find somewhere a howto? i have the regedit-changes i need to do. possible that i did something completly wrong >_>

pfSense does not provide NAT-T support. but you can use the Cisco VPN client through pfSense and it should work without a problem. (at least i never had any problems with cisco vpn client)

Thanks a lot for your interest anyways…  ;)

If you only serve incoming requests the state will handle the returning traffic as well, so you don't need outbound nat. Try VIPs type proxyARP or CARP if you need layer2 traffic for these IPs. If you ISP is routing these IPs to you anyway type other will work too.

no. but you can create an alias.

long waited?  It's been answered many times. pfSense does not have NAT-T support.

I changed the setting in the firewall.  It looks like IIS7.0 on my Vista workstation needs to be reloaded.  It looks like I killed it.  I will give you a update after I reload IIS. RC