If the modem already does NAT you will have a private IP address on WAN. If so, you have to uncheck "Block private networks" in the WAN interface settings to permit incoming connections. Also consider that you need to set a firewall rule to allow incoming traffic as well. This may also be done in the NAT rule by the "rule association" option.

Normally that happens when you are at full multitasking with just one core processor (head)…  :)

All the phones are on the same subnet with the voip server (192.168.10.0/24).  The voip server is static on 192.168.10.15. That is same-subnet traffic. The firewall is not involved other than, perhaps, as a DNS and DHCP server. Probably going to have to be more specific about what is or is not working.

Glad to get it sorted out ! Thanks for your help dotdash

I think that video doesn't show what you try to achieve. The goal in the video is to deploy a trusted environment in an AD domain by installing the root CA's cert on the DC and rolling out a policy to trust it. To get a webserver work with HTTPS you need a pair of a private key and a public certificate. Most webservers provide a generator for a self signed cert, which is easier to install than that. But if you want, you may also install a cert generated by a CA on pfSense. However, you have also export the private key of the cert, either as separate file or as a p12 bundle, and install both on your webserver. How to do this, depends on the webserver type.

"IPv4 Address 196.219.129.21 Subnet mask IPv4 255.255.255.255 Gateway IPv4 10.45.10.37" That is Just Borked!!!  So they gave you a static IP of public with a /32 mask and a gateway that is rfc1918 (10.x.x.x) ?? What sort of shit ISP is this?? is this your static you set?? 41.39.34.86 Subnet mask IPv4 255.255.255.0 Gateway IPv4 41.39.34.1 They gave you a /24?? So your saying you can not ping 41.39.34.1? Screenshots would be easier to read! I would suggest you pull down your config you posted it has your pppoe password and user name in the clear. Wow is this F'd UP!!! traceroute to 41.39.34.1 (41.39.34.1), 30 hops max, 60 byte packets 1  192.168.9.253  2.327 ms  2.262 ms  2.215 ms 2  96.120.24.113  19.491 ms  18.426 ms  19.460 ms 3  162.151.90.117  19.435 ms  19.407 ms  19.396 ms 4  68.86.188.93  23.062 ms  21.120 ms  21.135 ms 5  68.86.91.165  23.019 ms * * 6  68.86.82.158  20.925 ms  17.297 ms  21.901 ms 7  199.229.229.249  26.168 ms  12.128 ms  20.069 ms 8  141.136.105.222  133.184 ms  133.131 ms  132.191 ms 9  46.33.84.102  156.814 ms 46.33.85.198  156.209 ms  154.668 ms 10 10.36.18.162  164.761 ms  165.683 ms  163.506 ms Just F'ing wow!!! traceroute to 196.219.129.21 (196.219.129.21), 30 hops max, 60 byte packets 1  192.168.9.253  1.188 ms  1.582 ms  1.850 ms 2  96.120.24.113  11.927 ms  17.753 ms  16.818 ms 3  162.151.90.117  17.714 ms  17.677 ms  17.652 ms 4  68.86.188.93  20.070 ms  20.040 ms  20.880 ms 5  68.86.91.165  19.968 ms *  19.905 ms 6  68.86.82.158  19.833 ms  18.904 ms  18.579 ms 7  199.229.229.249  17.112 ms  12.972 ms  13.492 ms 8  141.136.105.222  138.849 ms  138.461 ms  136.909 ms 9  46.33.84.102  164.928 ms  165.035 ms 46.33.85.198  154.796 ms 10  10.36.18.162  166.384 ms  166.052 ms  164.960 ms 11  * * * 12  * 10.36.18.114 166.756 ms * You might want to contact your ISP that is just BORKED beyond belief!! 10.x.x.x is rfc1918 space!!

I tried with the suggested webgui ip address but no luck. Hosts Allow 192.168.10.0/24 10.0.7.0/24 192.168.0.0/24 Space delimited set of IP or CIDR notation that permitted to access the WebGUI. (empty is the same network of LAN interface) Network, LAN Managment IP Address  192.168.0.250/24 Gateway    192.168.0.1

I was able to solve by problem using the information provided here:: https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks Thanks!

@jimp: Sounds like you have cameras that require using a specific port to operate and don't like being remapped. Use a VPN instead. Aside from being more secure than opening DVRs up to the Internet, there is no NAT so it will probably work without any other adjustments. Never open any cameras to the Internet like that. It's just asking for trouble. Ok, I will try to do that. I was thinking about that but I never did anything with VPNs before(aside of HOLA, like everyone) Also, today we tried to uncheck https on the one that did have and suddenly it showed the cameras that I wanted to see but instantly started showing those cameras in the other DVR as well.

If I remember correctly, the 192.168.100.1 on SB Modem is used when the device is in bridge mode, and has both status info and a login for management ?

I manage a lot of Watchguard firewalls using VOIP and they run into similar issues with UDP time outs. We simply just increase the default UDP time outs. I'm sure it can be done in PFSense. I run a PFSense box at home but never needed to change that. I did found this thread with someone having VOIP issues. I'm sure you can find your answer here on how to increase the time outs. https://forum.pfsense.org/index.php?topic=4364.0

If they are both local, why do you need NAT? Just craft proper firewall rules and they can route directly. Otherwise you'll either have to setup multiple VIPs on pfSense so you can do 1:1 NAT -or- you'll need to map each monitored device to a different SNMP port. That may only work if your monitoring system lets you specify the SNMP port for a monitored host.

I believe i resolved the issue: Navigate to Firewall > NAT on the Outbound tab Select Hybrid Outbound NAT rule generation. (Automatic Outbound NAT + rules below) Click Save Copied the rule at the bottom of the page labeled "Auto created rule for LAN". Edited the rule so it only covers the source IP of the device that needs static port, example 192.168.1.2 /32 Check Static Port box on that page Click Save Move the rule to the top of the list Click Apply Changes Rebooted ps4 Done

@mishad: Vodafone fibre broadband in UK. Apparently their policy is to not give out the PPPoE credentials (despite there being nothing in their T&Cs saying that only their provided equipment can be used) - though a few customers do seem to have managed it (probably via the magical powers of the"retention" team). Very unfortunate. I know in the UK you have lots of broadband options assuming you have access to BT or TalkTalk backhaul.