• Port forwarding for ventrilo

    2
    0 Votes
    2 Posts
    964 Views
    KOMK
    Your port-forwards look ok.  The Ventrilo site mentions that they require ports 3784 TCP/UDP as well as 6100 UDP.  They don't mention 11610 at all unless it's been changed from default.
  • NAT and URL identifier

    7
    0 Votes
    7 Posts
    1k Views
    KOMK
    pfSense can assume other IP addresses, but it can't assume domains.  You still haven't really explained what you're trying to do, but I assume you are wanting to internally route one or more services based on the requested domain.  We all understand the concept of virtual domains, and all modern web servers support them.  pfSense and other routing firewalls support virtual IP addresses but they are not concerned with domains.  pfSense by itself has no idea about domains.  You can install extra packages like HAProxy to do reverse proxying or load balancing, if that is what you want.
  • Port Foward

    5
    0 Votes
    5 Posts
    1k Views
    K
    Make sure the port is listening, because I had that problem; once it was listening it worked. Another thing: Windows Firewall might block it too, so try to disable Windows Firewall and try it. If you also have Comodo firewall, also disable it.
  • SMTP redirection

    19
    0 Votes
    19 Posts
    3k Views
    DerelictD
    Security is another issue entirely. OP wanted to know how to translate connections to a mail server on 25 to 587. The port forward does that.
  • NTP Redirection Fails

    17
    0 Votes
    17 Posts
    4k Views
    R
    @johnpoz: It's not using itself as a reference - I have an ntp server running on 192.168.1.40.. If I query it, it's using stratum 1 servers..  All my boxes and devices use it as ref, that first one is my pc I am on, then I changed over and looked at the server, then last one is pfsense showing what it's talking to. As you can see pfsense uses 192.168.1.40 as its ref, not itself. Pfsense is a vm - using it as a time source would be pretty inaccurate.
    Got it.  Thanks.
    @johnpoz: As to w32tm yes it is an ok tool for that sort of thing..  As to what you were using to sync - that analog X or whatever, why??  Why not just run ntp?  Runs on pretty much anything, as you can see it's running on windows..  While w32tm is not a bad cmd line tool for troubleshooting, the time sync in windows is a bit lacking.  I always just turn it off and install ntp directly.  You can get latest builds from here http://www.satsignal.eu/ntp/setup.html
    I was just using AnalogX for testing.  I wanted a free, simple NTP client that I knew how to use. I wasn't using w32tm at the command line because I didn't know how to.  I tried playing with settings in the time/date menu, but I found that it wasn't particularly reliable.  Outside of testing, I've found that the Windows utility both fails often, and isn't easily configurable to sync more than once per week (playing with the registry doesn't seem to fix it permanently - I just had it reset back to once per week by itself.)  On two machines in particular I have several reasons for wanting to keep the clocks within a couple seconds of the real time, I've generally found I (usually) lose more than that over a week.  So, thanks for the link to the ntp utility.  I'll give it a try.
  • 0 Votes
    5 Posts
    986 Views
    G
    well.. that is not good news…  :-\ thanks for reply...
  • Port Forwarding not working

    15
    0 Votes
    15 Posts
    2k Views
    johnpozJ
    Serious use, I wouldn't even use usb nics for play/testing.. So you have multiple ISP, and host stuff to the public - but you're running on a piece of hardware that has only 2 nics and you want to use usb nics.. Come on, you're talking a few hundred dollars to get hardware better suited, etc..
  • Inbound Failover using Inbound Load Balancer

    2
    0 Votes
    2 Posts
    616 Views
    D
    Did the Virtual Server take the IP of the port where it is listening? Regards, Daniel
  • HTTPS sites not working with NAT Reflection enabled

    3
    0 Votes
    3 Posts
    708 Views
    KOMK
    For now I have edited the local DNS server to point at the LAN ip address of the IIS server for each hosted domain and that has resolved the issue. That's the best way to do it.  Avoid NAT Reflection if you can.
  • NAT with SOAP

    5
    0 Votes
    5 Posts
    1k Views
    S
    You have to think through logically how the SOAP protocol works and where your source and destination IPs are. Are you sending something from the internet into your local network? Is port 80 (this is what SOAP uses, no?) properly forwarded? Is port 80 maybe being intercepted by the management process of the pfSense firewall? Does SOAP require any funky backwards (server to client) or secondary connections (connect to 80, negotiate client-server connect to other port a la RPC) that might not be forwarded properly? One other thing you can try is to define a custom service with the destination port TCP 80 and set the inbound (internet -> server) policy to use this new TCP 80 service and not the built-in HTTP service. Some firewalls (I'm not too familiar with pfSense, admittedly) have helper-processes that look deep into the application layer to see what's going on in the application stream, and if the SOAP protocol "looks" different than a regular HTTP request, the firewall may flag it as invalid and drop the packets. Defining a custom service will tell the firewall to only look at layer 4 (TCP/UDP Ports) and no further, ensuring that non-standard protocols using standard ports will be properly forwarded without firewall interference.
  • Getting rid of NAT

    2
    0 Votes
    2 Posts
    754 Views
    S
    You probably don't want to get rid of NAT. If you have multiple devices behind your firewall, you will need that NAT to allow them to access the internet. This is assuming, of course, that your provider has given you an IPv4 connection. I doubt your provider is handing out IPv6 addresses. If they were, there would be no need to NAT, as each machine behind your firewall would be getting a globally unique IPv6 address. With IPv4, you typically only get one, unless you pay handsomely for more. If you had IPv6, you'd just have to create policies allowing connections from the internet to host xyz via port 123 and that's it. With IPv4 you have to use port forwarding, taking the 65535 available ports on your single shared public IP and forwarding them individually to particular hosts inside your network, as well as creating the above policies (if the policy isn't already implied by the port forwarding, not too familiar with pfSense, tbh). Either way, for a bog-standard IPv4 internet connection, NAT and port forwarding are absolutely vital to make it work with multiple devices. Just forward the ports you need to the internal host you want and you'll be good to go. Alternatively, you can define one host as a DMZ, and all incoming requests will be forwarded to that host, with the exception of explicit forwardings (probably. again, not too familiar with pfSense. It's like that with other firewalls that I've worked with).
  • Question about correct VIP and Outbound NAT settings

    2
    0 Votes
    2 Posts
    584 Views
    DerelictD
    The netmask sometimes depends on the type of VIP. https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
  • Need help to convert iptables/dnsmasq scripts under pfSense

    9
    0 Votes
    9 Posts
    2k Views
    P
    @killmasta93:
    #Speed up YouTube
    iptables -A INPUT -s 173.194.55.0/24 -j DROP
    iptables -A INPUT -s 206.111.0.0/16 -j DROP
    pfcode
    does it really speed up youtube? I thought youtube had a large amount of ip tables. I tried blocking them all failed miserably. LOLZ  :-[
    Yes. It does sometimes.
  • MOVED: Can't access internet from LAN

    Locked
    1
    0 Votes
    1 Posts
    479 Views
    No one has replied
  • ARP/GARP issues when setting up outbound NAT to use multiple public IPs

    3
    0 Votes
    3 Posts
    965 Views
    H
    Thanks.  And how do I make them an address pool? Do I create an alias with each of the IPs in it and reference that in a single outbound NAT rule? Or do I create a set of new outbound NAT rules, one for each VIP and reference the VIP in the Translation field? Or something different? Thanks, Jeff
  • MOVED: Very poor NAT performance

    Locked
    1
    0 Votes
    1 Posts
    508 Views
    No one has replied
  • PfSense 2.2.1 seems to have broken Aliases

    10
    0 Votes
    10 Posts
    2k Views
    jimpJ
    I didn't build that one, I was just passing it along as it was generated by another dev. The fix isn't "proper" per se, it has some issues yet. I'm not sure if getting one for i386 at this point is viable until a proper fix is committed.
  • Outbound NAT issue

    4
    0 Votes
    4 Posts
    808 Views
    C
    In that case, yes, you must have the default of leaving static port disabled. Otherwise in that circumstance, which is atypical as most commonly used things today randomize source ports, only the first internal IP going out to the same external IP and port with the same IP translation will work. The others end up having their reply traffic sent back to the first, or dropped as not matching the state potentially.
  • No internet on clients behind static route

    8
    0 Votes
    8 Posts
    1k Views
    A
    Problem solved…. I had to make a LAN firewall rule for 10.100.0.0/16 to the outside and also outbound NAT rules for the VLANS. Those made everything work!
  • Port Forwarding OVER open-VPN

    4
    0 Votes
    4 Posts
    761 Views
    DerelictD
    Glad it worked for you.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.