Yep, that fixed it, thanks :)

i have proxyARP virtual IPs. i couldn't configure basic port 22 forwarding from ProxyArp ip into OPT1 interface. i need 1:1 NAT anyway and it is working now including ping (ICMP). How does it work? or it shouldn't work and I have to use CARP?

Use a split DNS setup.

ygm

Nevermind…. When I first tried this I didn't have pasv_address defined at all in the config. pftpx does translate it. I set pasv_address=10.10.1.15 the internal ip and it works great both internal and external. Confusing as I swear it didn't work before.

So is your bogus bug report.

FYI, Enable filtering bridge is now checked, and rules added for the OPT1 interface. Everything seems to be working fine now… What a headache...

Yes, that was fixed.

i will try to get more information from them, maybe they can clear this up. thanks for your help!

Looks like you rather want a multiwan setup than some freaking nat settings. I suggest searching the forum as this is a hot topic at the forum. Additional to this you can use advanced outbound nat to make some special things working (if it doesn't work right after setting up multiwan).

No documentation yet on this, feel free to write some.

Dear Tomba, you are setting things up wrong. I have FTP as well as other services working at OPT-Interfaces forwarded from WAN and I also configured an FTP-Server for someone at IRC that was reachable from OPT-WAN. I suggest you get to IRC this evening and try to contact me there. We can try to make it work together by remote administration.

@BugeyeD: i see BLOCK/DROP rules here, none of which are being logged. i do understand why they are there and what they are trying to protect against. what i noticed as being odd was that WAN (em2) is not represented here, whereas OPT1 (em1) is. so naturally i have to wonder if packets are getting dropped at OPT1 and not on WAN, thus breaking failover on OPT1 but not on WAN. but since logs are not being generated i can't tell for sure. updated to the new snapshot, still have the same situation and therefore the same question.

I updated to this latest snapshot and then tried to monitor my server via Server Watch and Qtracker and it still can't connect to it. It appears as though it is still not reflecting the UDP correctly at least for Quake 4.

You always need a VIP to make use of additional IPs on an interface. It won't work without. This is something that is different from m0n0.

Hoba, Thanks for all your help. It did exactly what it was suppose to. PFSENSE is a great product! SFM

I have that exact setup at home and even have ssh enabled at the pfSense itself. Add a log to the firewallrule that permits ssh traffic to the asterisk box. If you see a pass at status>systemlogs, firewall and also see a state for this connection at diagnostics>states the connection was allowed. Then it has to be something on the asterisk box. Btw, make sure your rules order is correct. You can't allow a connection somewhere at the bottom of the list when you blocked it somewhere above.

Just want to say thank you for this post. I was trying to figure this one out too, with no luck. Got my Kad in the Open state now. :)

Create portforwards at interface LAN, destination any for these ports and forward them to the internal IP of your proxy.

Try to add pass through IPs for these hosts as well.