Maybe a 1.1 feature, but don't take this as a promise. However (like always) patches accepted.

Thanks for the fast response. I believe it's involving Rendezvous/Bonjour, which looks like it can work with multiple subnets, but not without some DNS wizardry… I'm not sure Tivo would be able to use PTPP, so I'm guessing I'll have to either bridge or rethink things. :/

The ftphelper is a proxy server that opens up dynamically firewall ports by investigating the control connection of the ftp session when a client and the server communicates. it lives at the firewall itself, so traffic to this destination has to be allowed too. If it wasn't there you had to port forward the additional portrange your server is using and/or use passive/active mode for your connections.

That's pretty simple and I use exactly the same setup at the office even with multiwan: 1. Delete everything you tried to get this connection going as it apperently doesn't work. 2. At system>advanced uncheck "disable nat reflection" at the bottom and save (this will make your public IP portforward available for the internal lan clients) 3. At firewall>nat hit the [+] Icon and add a portforward for   Interface: WAN,   external adress: interface Interface,   protocol: tcp   External Port Range: HTTP - <empty>,   NAT IP: <local ip="" of="" the="" server="" in="" dmz="">local Port: HTTP Auto-add a firewall rule to permit traffic through this NAT rule 4. Save and apply It should work now.</local></empty>

Wont allow me to specify this mask unless I also set my WAN IP to this and I am guessing I will have 0 connectivity at all then?

;D yes, that does the trick!! thaaanx…

Ok, found the explanation to "solved button" http://forum.pfsense.org/index.php?topic=656.0.

Also make sure you are not blocking bogons. Finally check out http://faq.pfsense.com/index.php?sid=64164&lang=en&action=search

Great !! THX 4 help will continue on the german forum ;-) cheers

The easiest (and imo best way too) is to add a hosts alias with the IP adresses of the local audiocodes. Then enter this alias in the red field when running the wizard where it asks for VoIP. Calculate the maximum bandwidth your voipchannels could use (for example 4 channels at g711 is about 4*90kbit/s) and set this in the bandwidth dropdown at the VoIP wizard screen.

As it may cover the topic, I had problems with my old router and VoIP (United Internet), too. Problem was outgoing conections on random ports. But with pfSense and static port option in NAT, the problem disappeard automagically. The only thing you need is the one NAT rule mentioned and thats it. No Problems here anymore. Without any other software as e.g. the already mentioned proxies, you'll have to use a NAT rule. Grey

This was fixed just a few days ago.  cvs_sync.sh releng_1 if you have a full installation.

@hoba: Disable the outpost to see if it's causing the issue. What kind of WAN do you have? PPPoE? Other router in front of you? … I tried to disable outpost now, and it was closed anyway! I don't know if i have PPPoE (i have adsl2 from Bredbandsbolaget) I dont have any more routers, the pfSense is in the modem directly. In my old router (Netgear WGR614v6) it's work to have open ports. So i think it is the firewall in pfSense?

ah ha! changed the rule to GRE and we're good to go! cheers, darren

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-routing.html

Cool, bump the green button if your issues are solved  ;D

Ha! Thanks to you another quick ggogle gave me: http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2005-07/0173.html "Since windows sharing is generally a two way protocol you might find it a little hard to work with NAT. The name resolution is one thing and the RPC based authentication is another. " Thanks, it's great to have a clear answer.  I'm going to try that VPN solution today.

@sullrich: @sniffer: @Sharaz: im not sure why you would access something that is already on your local lan, via its external ip address?  (well i guess other than for testing). 1-To test external DNS 2-To test some rules (The rule are not the same via the Lan NIC and the OPT1 NIC) But with proxy,  its possible to test it, but you have to search active proxy… Thanks all for your answer Has anyone stopped to think of the ramifications of this feature?  ALL traffic that would have been to the LAN would be sent THROUGH the firewall.  What good is that when you could simply run split dns and keep all traffic LOCAL? Split DNS is possible if you have multiple IPs. I only have 1 and multiple servers on a VMware Server box. This is my home network and don't have money to spend for multiple IPs. So theres no easy way to seperate traffic to the same hostname on different ports to different machines without this feature. Yes you can go directly to the machine name, but for mail its a pain to switch back and forth when your inside and outside the network. Same with web applications that have hard coded address (Gallery is just one of them).

There won't be any change on the aliassystem for pfSense 1.0, but pfSense 1.1 is already under developement. The aliassystem has much improved already in 1.1 and work on it has just started. It's too early to promise anything but we allready discussed something like that in the past. Stay tuned  ;)

@ZGamer: The problem is that when it creates them that way they cancel out each other and the ports are not accessible from the outside. If you see a problem how about offering a patch?