@hoba: I just checked this but it works fine for me. The generated firewallrule is correct. Confirmed. Auto create rule is functioning properly for me as well.

yes ,tele2 works.  =D

Has any more work been done on this?  I need this functionality as well.

I changed all my incomming Port forwards rules to interface. About mIRC.. still have the same issue. I am gonna get me some protocol monitor to see exaclty what happens when it fails to connect to ppls computers. Happy New Year For PFSense and us all /Live Well

Follow these steps: http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing

That did exactly what i wanted. Thanks! :)

You don't need to portforward but you need appropriate firewallrules. Start with any any any any… rules at both interfaces. Also make sure there is no ethernetloop (like both interfaces on the same switch). Check out status>interfaces. It will report ethernetloops if the stp detected one. In case you are using directly connected hosts make sure to use crossovercables.

did you find any problem with the 30 second refresh on the wan? I am running in ppp half bridge and am seeing the same thing. I am having performance issues so was thinking this is the problem. Do I understand that you did not have any performance issue?

This will only work if squid is on a different interface. At least many months ago I couldn't get it to work with a redirect rule with squid on the same interface. Mostly due to not being able to add a rule thats like below rdr on {iface} inet proto tcp from !{squid ip} to any port = 80 -> {squid ip} port 3128 Three options: Place squid box on different interface on the pfSense box and make the redirectrule. Set squid box up with a bridge and redirect traffic going through the bridge to squid. Change the pfsense dhcp lease default gateway to squid box and set the squid box gateway pointing to the pfsense box with traffic being redirected to squid.

This is not possible with the 1.0 series. The next major version will have support for this kind of aliasing. It's already in head.

That is sourcebased natting which is not supported atm.

Yeah, apparently. Actually if some sort of plain text explanation could be added to that option that would be awesome.

oky, the reason is that on the linux machine i have not jet configured the proper gateway!

solution: delete all nat and ftp rules (ftp related) reboot add one first ftp nat, save auto created rules and apply reboot add one second ftp nat, save auto created rules and apply don't reboot different 2 ext. and 2 int. fpt server accessed.

Thanks for your advice, but I think it will redirect whole IP address not just one port. I think somethink similar what is implemented in e.g. ZyXEL ZyAIR G-2000 plus router (firewall with WAN-to-WAN rules). I do not know if it is possible to do in pfSense firewall.

Ufff!! :) i´ve found the problem :) if i have the captive portal active … the nat rules and upnp dont work ... What do i have to do ? Sorry guys .. and thank you :)

Guess something like that would be needed: http://www.openbsd.org/cgi-bin/man.cgi?query=tftp-proxy&sektion=8&manpath=OpenBSD+4.0

Rules are always applied incoming at an interface, so if your smttp/pop3 clients sit at lan this rule has to go to firewall>rules, lan tab at the top of the list.

Your question has already been answered.  Search the archives.