sorry guys for asking that silly question I didn't really think through what I was doing. It is all sorted. Memory block  ???

sullrich, yeaaaa, thanks sr. just in the target *

more status on this issue as of today it is no longer working and this is with the other rule in place. Here are the logs Apr 23 18:04:39 pf: 10. 726712 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48 Apr 23 18:00:32 pf: 156. 377540 rule 38/0(match): pass in on xl0: 192.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48 Apr 23 17:57:56 pf: 23. 546766 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48 Apr 23 17:57:32 pf: 86. 472199 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48 Windows reporting time period exspired Here are the rules UDP  *  *  *  123 (NTP)  *  NTP Rule LAN net  *  *  *  *  Default LAN -> any Update Removed the first rule and it looks to have returned again. I think I may have found something not 100% sure but it does fail on the first appemt but does complete on the second third and forth attempt.

Ok… Disregard. I figured it out. The problem had was a bad route.

Yep!  Thats it!  I didn't realize (and i should have, im an idiot) that their is the implicit deny all.  A simple permit all allowed traffic to flow. Thanks for helping a n00b out!

Aliases work for every input field with red background.

pfSense operates on the packet incoming to an interface which creates a state. So think of it as incoming to a interface initially (SYN).

"other" won't generate any layer2 messages. This can be useful if the IPs are routed to you anyway. If you need to answer with ARP for your VIPs you have to use ProxyARP or CARP.

This does not make any sense. Are you on the latest snapshot?    If so please remove all ftp port forwards and firewall rules for 21 and readd. Then do this from the console or ssh: ps awwux | grep pftpx I would like to understand why this work for you when clearly it should not (port 20).

Btw, portforwards work with natreflection, 1:1 nat not, only in case you need that feature.

Try a recent snapshot, FTP should work out of the box now. seems to fix all the problems people were having. http://snapshots.pfsense.com/FreeBSD6/RELENG_1/

As hoba said, 1:1 NAT is not a security issue unless you want to make it one. If you have as many IP's as internal servers, it's usually preferable to use 1:1 NAT over port forwarding.

Firewall -> NAT -> Port Forward

From pm discussion, I've confirmed those ports aren't really open on his firewall, and it's behaving as his shown firewall ruleset should, proving it was something to do with the network of the person who scanned him originally.

There is an ftp-helper build in that you can enable/disable per interface for these kind if situations. Besides that no other protocol is proxied to rewrite IPs.

Others have asked about this a few times in the past, and numerous times on the m0n0wall list, and nobody has ever been able to find a solution. It's certainly a desirable feature, if you can find a way to implement it I'm sure patches would be accepted.

Nice. Thanks for the feedback  :)

Now, i know what the problem is. My brother's isp is using SIP and ichat is also using SIP so there's conflict. I don'y know if someone have a solution ? Thanks!!

Please have a look at http://forum.pfsense.org/index.php/topic,4215.0.html