1.2-BETA1 is available on the mirrors, there is an update available. Use firmware page to upgrade after you download the image.

Thanks Dot

SOLVED, thanks.

@hoba: Not nasty at all Yeah, NAT is the nasty solution, it breaks all kinds of stuff you would typically want to use across a corporate WAN. Using unique subnets at each remote location is just good network design, it's how virtually every well designed multi-site corporate network works.

ok - my mom used to say (german speaking) "look first - then ask"… i just saw that the cvs already has this fixed... once again thanks a lot!

Try to decrease the register times to 60seconds. PFsense, along with some expesive-firewalls, have UDP timeouts of 30/60 seconds… after 60 seconds the incomming INVITE will be dropped. Using STUN doesnt solve the problem. stun is only used to let the phone know the public(masqueraded) address, and how it can open up UDP sessions. the public IP is needed because SIP (which is osi-layer7) does also contain the IP adress, and some SIP-devices will answer only on that and not on the layer3 ip...(workaround in asterisk is NAT=Yes) another good idea is to create a NAT rule which does static-port-mapping on the SIP & RTP sessions so that port 5060 stay's always 5060..... things i haven't checked yet for myself: SIP over TCP. TCP-sessions have much longer timeouts...but is rarely supported Conservative mode. good luck

OK, I found my problem.. I have pout any instead of Interface address on the NAT rule :-) It works now.. Thanks /MartOn @marton: @hoba: Turn on NAT-Reflection at system>advanced (very bottom of this page). I tried this, but then all my web requests are beeing redirected to my internal server. It seems even www.pfsense.com will be redirected to my internal web server.. Any Idea why this happens? /MartOn

celtic, see: http://wiki.pfsense.com/wikka.php?wakka=PortForwardTroubleShooting

Now I found the right thread: http://forum.pfsense.org/index.php/topic,1528.0.html - don't know why I didnt find it earliear when i was trying to solve the problem myself :( sorry for the trouble. Thanks Arno

I have similar problem. I can't do NAT on WAN2. On WAN it worked all the time but for WAN wan't  :( If I set it I allways have WAN IP. I do VIP's as Proxy ARP, CARP but it never worked. I try to set WAN2 ip as default route for few machines on LAN. Can somebody knows how to set this?

I'm not using bridge, until now I just named the interface..

The main issue with NAT'ing twice is protocols that are NAT-unfriendly. That includes some VPN client software, some VoIP protocols, FTP, amongst others. These protocols are a pain to deal with when doing NAT once, adding a second NAT into the mix makes it twice as difficult to make these things work right and troubleshoot when things aren't working. It should be avoided if possible, because it's usually adding a layer of complexity that's unnecessary. In your case, I would see if you could use the modem as strictly a bridge and put the static IP on pfsense. It doesn't affect packet size because NAT changes the source IP and possibly port (depending on the NAT implementation) on packets, it doesn't add anything to them.

udp reflection should work, the problem seems to be when using a single rule with "tcp/udp". We need to check this.

http://wiki.pfsense.com/wikka.php?wakka=FTPTroubleShooting

@hex2bin: did you plug in WAN and LAN into the same physical network? Jepp, the firewall just acts as a webfilter, so it is no security problem. But it is a networking problem - your firewall can't have two interfaces on the same subnet, and it's never good to have both on the same broadcast domain. What do you mean by web filter? What are you wanting to accomplish?

Yes.  Basically how IP works.

I musta been delirious from being out in the sun all muddied up yesterday or something because I just now tried this at our office and it's working fine.  I didn't change my setup  ??? Oh well, it works so I'm not gonna complain.  :P

Good to hear  :D

the error with  oracle listener nat, by default port 1521, was that i push the rules at the end, so, change , and push the firewall rules at top of list, and found OK. pd: sory by my english boys.