4/03 SNAPSHOT seems to have everything good to go.  Been working fine! Thanks

You can manually edit the config.xml and exchange the interfacename with the IP-Adress and reupload the config. Just don't touch this pool with the gui again and it should work with the newer versions.

That would be great if you found that solution for me. Of course changing the internal modem IP to be the same network range as the LAN, eg 10.0.209.2 is not a problem… Best regards!!

Think I solved my own problem: http://forum.pfsense.org/index.php/topic,4225.msg25915.html#msg25915

Search the forum for "static port". H323 can be as tricky as SIP.

I try to stay as far away from Appletalk as possible, but AFAIK trying to to encapsulate it in IP and route it somewhere is much more trouble than it's worth. Most of the old Laserwriters I have seen support IP/LPR printing. Just my 2c, but I think you would be better off getting rid of any Appletalk only devices and getting something made in the last fifteen or so years…

It works now with the latest snapshot (23-03-2007) !! but any chance to have a NAT 1:1 with apple talk compatibility ?

Thanks Hoba, I enabled "NAT Reflection" then added the Port forwarding as you said and it just works!!! Then I think I don't need my old firewall box again. Thanks again to all psSense team.  Let me know if there's anything you think I can help. Tony.

TCP/UDP shouldn't cause a problem in your example as both should be open and be forwarded. Just note, that once you have autgenerated the firewallrule by adding the portforward the both rules (nat and firewall) are not linked together anymore. If you change one you have to change the other as well. Maybe this is/was the problem as you changed rules manually later?

If you want to have these changes backed up in your config run them by using hidden config.xml commands (see http://faq.pfsense.org/index.php?action=artikel&cat=10&id=38&artlang=en ).

That is correct behaviour. You can shift ports with it but not redirect a range of ports to the same port.

With the current implementation of loadbalancing probably not but I might be wrong. Who knows  ;)

aaa ok thank you that was simple. I was in the wrong area. Again you came trhough with some good info.

That solved the problem. Thank you! Regards, Krzysztof

Can you give us some details about your WAN setup and all WAN public IPs that you have (real interface IP and virtual IPs, type of WAN conection)? For the different virual IP types: CARP Can be used by the firewall itself to run services or be forwarded Generates Layer2 traffic for the VIP Can be used fo clustering (master firewall and standby failover firewall) The VIP has to be in the same subnet like the real interfaces IP ProxyARP Can not be used by the firewal itself but can be forwarded Generates Layer2 traffic for the VIP The VIP can be in a different subnet than the real interfaces IP Other Can be used if the Provider routes your VIP to you anyway without needing Layer2 messages Can not be used by the firewall itself but can be forwarded The VIP can be in a different subnet than the real interfaces IP Hope that helps a bit. Other

Search the forum for "static port". You have to add an outbound nat rule for this and enable advanced outbound nat at firewall>nat, outbound.

http://www.firewall.cx/vlans-links.php for some vlan info as hoba said. I've just placed a ordered for a http://www.hp.com/rnd/products/switches/ProCurve_Switch_1800_Series/overview.htm or if all the pc are located in the same room go with more lan nic's to save some money. a diagram would be useful –-wan-----pfsense or use http://www.gliffy.com

thanks.  congrats! after 1.0.1-SNAPSHOT-03-08-2007 snapshot update problem resolved. (but, i think nat reflection problem exist, may be) previous connection setup: lan to dmz connections used nat real ip (real wan ip) currently internal ip (opt ip) example: previous setup:  (my ordinary setup) nat reflection enabled nat: 212.x.y.93 -> 10.6.1.93 = port: 21 (used auto created rules) lan clients connection 212.x.y.93 success, but 10.6.1.93 not succes (wan to ftp server connection success) current setup: nat reflection enabled nat: exactly lan clients connection 10.6.1.93 success, but 212.x.y.93 not success (wan to ftp server connection success) if true, this is my new ordinary setup..