Limiters with NAT now work. https://github.com/pfsense/FreeBSD-src/commit/1d722dd06892ee05b1117ba6b3454baeec5f2690

Outstanding. Thanks.

This isn't really a pfSense question. You have to look at the config on your spam filter to see if there's a whitelist option to allow relays from your internal web server. Otherwise, smart host your webserver to some other MTA that won't bother checking the SPF record.

if no wan is connected how would its guest network work?  It sure doesn't bridge this different layer 3 network to normal lan network running on a different layer 3

From the sound of it, you're trying to run before you can walk. Start by configuring the firewall with the basic, out-of-the-box settings. Just configure your internal network settings, you WAN IP and gateway. Check that your LAN hosts can access the internet and that the PFS can pick up updates/packages. Once you get to this point, THEN look at trying to customise your outbound traffic and inbound NAT. After you make each change, check once more to see if your firewall can still pick up updates, etc. The point where things go awry will be when you make the change which breaks your connection. Then it will be easier to find out the fault and address it.

http://www.esecurityplanet.com/network-security/5-tips-for-fighting-ddos-attacks.html

@KOM: A port forward.  Post your NAT and sanitized WAN rules if you're having problems. Thanks again KOM. Took a bit of trial and error, but I got the Virtual IP created for the public IP, created the Port Forward NAT, and WAN Firewall rule. I also had to modify the default 0.0.0.0 route on the netscaler to point to the pfSense FW instead of TMG. I was able to test from my Azure Windows 10 client and Citrix XEN services all worked like a charm! -SK

Then you probably have some other rule performing that NAT to 10.10.100.11 instead. Post screenshots of your port forwards, your 1:1s, and your rules. Or: Diagnostics > Command Prompt cat /tmp/rules.debug Send that output to me in a PM.

I ran into this same issue after upgrading from 2.1 to 2.3.2 as well. Here's how I resolved it (I used the information from your example); (NOTE: Replace "pfsense.local" in the links below with the IP Address of your pfSense Installation.) First, you want to create a Firewall IP Alias (https://pfsense.local/firewall_aliases_edit.php?tab=ip) with the Source IP's you want to allow access from. [image: index.php?action=dlattach;topic=119276.0;attach=89482;image] Next you want to create your Firewall NAT Port Forward (https://pfsense.local/firewall_nat_edit.php) using the "Single host or alias" option for the Source, and then input the name of the Alias you previously created (pfSense will show you what it has saved once you start typing the name). NOTE: You will want to delete any Firewall NAT Port Forwards that are currently using the same Port and Destination IP's you are going to use. [image: index.php?action=dlattach;topic=119276.0;attach=89484;image] Continue to setup the Firewall NAT Port Forward as normal. Done.  8) Keyword Search Information: pfSense NAT "the destination port range overlaps with an existing entry" pfSense NAT multiple source addresses to single destination port pfSense NAT multiple source IP to single host [image: pfSense_-_Firewall__NAT__Port_Forward__Edit.png_thumb] [image: pfSense_-_Firewall__NAT__Port_Forward__Edit.png] [image: pfSense_-_Firewall__Aliases__Edit.png_thumb] [image: pfSense_-_Firewall__Aliases__Edit.png]

When you are dealing with overload NAPT you need to have enough IP addresses so you can handle every WAN_IP:PORT+DEST_IP:PORT combination. That increases the number of states a particular WAN_IP can serve dramatically beyond 65535.

Thanks for the tip! I was trying to find an easy way to verify that my virtual IP was actually working. It's not. I will call my ISP and see if they can help me out. Thank you both for your time.

"I wish I had a dollar for every person who thought they found a bug in pfSense but it was really a misconfiguration." hehe - if that could only go to help fund pfsense ;)

Do you have additional packets installed like Snort, Suricata or pfBlockerNG? If so, deactivate it for troubleshooting.

lolz.. i feel like a f***cking idiot..im sorry i had dyslexia i messed up on the NAT i put 192.168.1.6  instead of 192.168.1.210.. Thank you again..

Correct. You should be fine if the IP for the Cisco is not used on the pfSense box.

thanks guys i set up vpn its better all is well you guys saved my Job im in yout debt

1. How to configure NAT https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting 2. How to access forwarded port: 172.10.10.11:2222 or 172.10.10.10:2222 Via your WAN IP:2222

Thanks, will try another browser. EDIT: Same issue in Opera and Chrome, but worked in Firefox, thanks.