Your description of your problem is not totally clear, but here is how the NAT should look for RDP:

If  Proto  Ext. port range  NAT IP  Int. port range 
WAN TCP 3389 (MS RDP)   Internal PC    3389 (MS RDP)

The firewall rule will then look something like this:
Proto    Source      Src Port      Destination IP    Dst Port
TCP  Any                *  Internal PC        3389 (MS RDP)

If you chance the NAT Internal Port Range, you have to modify the Firewall rule Dst Port to reflect the same change. In other words your Int Port Range, NAT IP in your NAT and the DstIP, Dst Port in the firewall rule must always match.

The only other problem that I can see is that the machine running terminal server is listening on 3390 instead of 3389. Do a google search on how to change this back to 3389 if you need to.

I moved the wan to our live t1 so I could log more traffice.

I added NAT rules + auto FW rules for HTTP

I see passed packets for port 80 and tons of block still for 53.

Thanks!

thanks,
I 'll try to do that (router used are linksys wrt54g with a modified firmware dd-wrt)
Chady

i've done what you're trying to do in the past.

i suppose you've set up 2 virtual interfaces.

1:
virtualNIC1 –> bridge to PfsenseWAN
virtualNIC2 -_> bridge to PfsenseLAN
now you should bridge the virtualNIC1 to a real NIC.

2:
the pfsenseWAN should now be able to get a IP from your DHCP on your network.
now you have to forward the ports to the IP of your PfsenseWAN IP

3:
you can set your virtualNIC2 to dhcp and activate on PfsenseLAN the DHCP server.
your virtualNIC2 should now get an IP from your pfsense.
at last you have to set up port forwarding rules.

your virtualNIC2 will now be able to recieve traffic from the ports forwarded from the outside :)

i hope i helped.
good luck

@dieselvw:

Thanks, Hoba, I'll give those things a try.  One other thought that might help in diagnosing this:  if I use a Cisco router (such as a 2611) everything works perfectly.  An idea to explore, if someone here can do it, is what is unique about the Ciscos that makes them so compatible with these VoIP services?  There's a lot to dislike about Cisco – the cost, and overall their mean-time-between-failures leaves a lot to be desired.  So, what is Cisco doing that pfsense isn't?

Thanks.

Was this ever resolved?  I have exactly the same issue with the same VoIP provider.  Nuvio does use proxy servers on the connection from my phones to them, but my phone ringing is still sporadic.  I have 2 IP phones in my office and I have them set to 192.168.100.50 and .51.  I have enabled Advanced Outbound NAT and set up a rule for static port on the WAN interface for 192.168.100.50/31 which should cover me, but that does not seem to be a total cure.  I was using a Snapgear router (based on Linux IP Tables) and did not need any special settings for things to work.  I do not mean that as a knock, I just think there is maybe something simple that we're missing here.

Anyone have any other thoughts?

Also, related to this, are Advanced Outbound NAT and Enable IPSec Passthrough mutually exclusive since they are on a radio button together?

Btw, scrambling ports during NAT is a security feature and not meant to piss people off. However some applications/protocols don't like this behaviour but you can work around it with the outband nat rules.

hi

pfsense runnig well with xbox live … !
it is an simple trick what you have to do to get the result "moderate" at the nat test.

at the firewall -> nat -> outbound sektion.

choose the automatic generated nat rules.
klick edit
the enable "static nat" .

save

and , if you have the redirect rules , you have an working pfsense box.

holger

Perfect…thanks!

It's actually a feature already built in to FreeBSD called tcpdump, I'm just creating the gui for it.

No it is not possible.  There is a bounty setup to add this feature.  Check out the bounty area.

Not sure if this helps for this condition but try to enable the static route filtering  option at system>advanced.

@hoba:

I just checked this but it works fine for me. The generated firewallrule is correct.

Confirmed. Auto create rule is functioning properly for me as well.

yes ,tele2 works.  =D

Has any more work been done on this?  I need this functionality as well.

I changed all my incomming Port forwards rules to interface.

About mIRC.. still have the same issue. I am gonna get me some protocol monitor to see exaclty what happens when it fails to connect to ppls computers.

Happy New Year For PFSense and us all

/Live Well

Follow these steps: http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing

That did exactly what i wanted. Thanks! :)

You don't need to portforward but you need appropriate firewallrules. Start with any any any any… rules at both interfaces. Also make sure there is no ethernetloop (like both interfaces on the same switch). Check out status>interfaces. It will report ethernetloops if the stp detected one. In case you are using directly connected hosts make sure to use crossovercables.