[FIXED]

Uggg, At the moment, Im feeling really dumb.

It was my fault, I had the digi's default gateway configured for the old router before I switched over to pfSense.

Sorry about that.

No, it still does not pass email according to the rule in port forwarding in the port forward nat section. (does port forward work for outbound??)  On outbound NAT there is no pptp to choose from in the inteface drop down.  I guess this would be analagous to using squid and forwarding those packets somewhere.  Should I try editing the config file?

Usually you change portrange for every computer.

EX:
Lets say i have 5 computers behind a NAT router i usually forward mabye 10 ports to every singel one.

forward to ->PC1 portrange->50000-50009
forward to ->PC2 portrange->50010-50019
forward to ->PC3 portrange->50020-50029
forward to ->PC4 portrange->50030-50039
forward to ->PC5 portrange->50040-50049

And then i configure all applications on every pc to uses that dedicated portrange.
EX: all p2p programs listen to those portranges and icq,msn and souch.
I  have never run inte problems by doing this, if the range is to narrow then open/forward maby 20 ports.

But if you cant change listening range in the application in question then you get into trouble.
Can you say what application it is? (easier to do any recomendation or find solution like special scripts and souch).

Have found the problem.
every user has to put ftp://ip adress:21/ to connect.
this problem is solved. and finaly…

Well changing the FTP helper status on or off will alter pftpx from running.  I'll check into the bogons piece.

http://forum.pfsense.org/index.php?topic=104.0

Did you create firewallrules to allow the incoming traffic? Only 1:1 NAT is not automatically passing all traffic (which would be a bad idea anyway).

Let's say one of your IPs is a webserver for example you need a pass rule like this:

protocol tcp
source IP any
sourceport any
destination IP <lan-ip of="" mailserver="">(NAT comes first, then firewallrules are applied so you have to use the internal IP as destination)
destinationport http (80)</lan-ip>

Not likely, we are not adding features.  We are only adding a new option when it corrects a bug.  Unfortunately this is not a bug and you can control it more tightly with firewall rules.

Help with docs is always appreciated. Good luck.

http://doc.pfsense.org

Add the rules to allow ftp to talk to localhost.

@josmo:

Ok here's the deal and it's got me very confused (By the way great job on this PFsense team so far this is great).

My Config.

LAN IP 192.161.10.1 with DCHP enabled
WAN 70.89.221.233 / 8
wan gateway 70.89.221.238

now from internally I can view and ping most sites.  But There are a few I can't like.  stumbleupon.com (70.85.3.132) and suvault.com (70.84.208.122)
I know this is an issue with pfsense or the way I have it set up because when I plug in the old linksys with the same wan ip and lan ip it goes to these sites just fine and I can ping them.  Anyone have any clue why this is going on?????

Thanks,

This looks like a Comcast business connection.  I guarantee that WAN is supposed to be /29.  I'm in the same 70.0.0.0/8 CIDR block (on two seperate connections) and /8 is NOT the correct netmask for machines attached to it.

–Bill

OK … its working now in PREBETA2 ... so it should be working in the upcome release (whenever that will be)

Thanks guys!!!

exactly.

Fair enough.  Thanks for all of your help Hoba.

Cool thanks.

thanks, for the fast reply hoba,  exactly what i thought it did,  and gladly not important at all for me since it doesn't seem to work without disrupting that port on the lan interface  ;)

nat reflection should only take effect for packets that are destined to the wan interface right ?

additionally,  if nat reflection was forwarding those packets to my web server, i would have gotten the page that is hosted on it…

let me know if there is anything i can do as well to help with this.

@sirocco:

I tried, but in 0.94.12 it doesn't work.

I have three interfaces WAN, LAN, OPT - port forward on LAN to proxy on LAN not work, the IF field on screen is empty.
Any ideas?

Proxy is connected to LAN and to OPT1 to avoid loop with port forward.

There is a known problem with this feature.  I still need to fix it.