@pingulino: or are you saying that 2.0.1 is so buggy it won't function correctly?? That's not what I've said. What I've said is that there have been relevant bugfixes since 2.0.1 (and a whole lot more of those in 2.1) @pingulino: That's scary! Running a deprecated version with known security issues sounds even more scary. You won't see any fixes there either. You can play with the -N switch for pureftpd, diff the configs etc. Other than that, no idea. P.S. Trying active FTP to a server behind NAT is completely futile effort.

Not automatically. You can backup the config.xml edit them out and restore. Or delete the rules before you remove the card. They are not placed into the ruleset so they are inactive in the config so it doesn't really matter that they are there.

IF your WAN subnet is private you shouldn't have the block rule.

Cause the costumer only routes 192.168.16.0/28, politics. Nervermind I get it. I was doing the NAT at the wrong interface, working now.

So far - i've just made openVPN as neighbor LAN (LAN - 30.0/24, openvpn 31.0/24), and for BINAT i used 30.0/23 mask - so it working. But i'm not sure if this right solution =)

@johnpoz: Are you other forwards working? If you feel your rules are correct - then first thing to do is actually verify the traffic is reaching pfsense.  Its quite possible your isp just started blocking it?  Verify pfsense sees the traffic, verify pfsense sends on the traffic.. So quick It really is a no brainer – click, and done..  Post up your nat and wan rules.. attached is my nat, wan rule that nat created and quick test by doing simple sniff on wan interface and lan inteface. edit: just noticed your other post that is working ;)  Guess no need for this post then - but hey can leave it for the next guy on how to do a simple sniff and verify traffic seen at your wan and then sent out your lan. This simple test would of pointed you to your web server right away, since you would seen the packets go out to it, but it not answering.. Haha thanks again for the detailed reply.  That's a cool looking site too, I was using nmap from a cell phone, but that looks a lot more convienent :) Thanks!

I don't see how it can be done with normal routing. You could setup PPPoE on pfSense and connect to it from the host. Then on pfSense 1:1 NAT the virtual IP address to the host's PPPoE client address. By default the host will then use pfSense for Internet traffic including other subnets it doesn't have explicit routes to. Double NAT should also work fine. Add a second IP address on the Cisco router and 1:1 NAT the virtual IP address from pfSense to that. Then in the Cisco router 1:1 NAT the second IP address to the host. This will work fine for incoming connections. You'll need to setup appropriate conditional routes on the host and the Cisco router for outbound connections.

@KurianOfBorg: Reset pfSense and try again. This should work out of the box after creating a WAN connection using just the wizard. Yea, I figured it out once I saw that you thought everything looked good.  I went back to the simple basics…and then I realized, that I was a moron and forgot to set the DNS server in the General Setup.  Plugged it in and wouldn't you know it...it works.

I tried above procedure, (1) installing squid transparently (2) configuring upstream server name and port.  It works for http but for https it is not stable. I think the problem is squid configuration or pfsense's firewall rules. If it is pfsense's firewall, please give me some head up. I am totally new to pfsense firewall.

Well I managed to get it to work with 1:1 NAT using VIP (as IP Alias) and I just sat the firewall rules (for 1.1.1.195). [image: vw9deTg.png]

@raphaelns.sup: @KurianOfBorg: Why have you set the destination instead of source? Where Do I Put the IP? I'm very lost how to do this. Well! I finish it. I changed the rule to source and is working now. Thanks!!!!

@dav63: Hi, I have fixed the issue: 1. Added NAT Outbound Rule for port forwarding with range for passive ftp, I defined same range in  proftpd server configuration file (50000 - 60000) 2. Disabled proxy ftp helper from kernel now it works perfectly! Thxs for help! It worked in the beginning but did some changes and I can never get it to work again. Fowards range from 2000-2020 > ftp server port 2000 ftp server listen on port 2000 and passive is 2000-2020 I also have set debug.pfftpproxy = 1 version of pfsense 2.0.3-RELEASE (amd64) built on Fri Apr 12 10:27:56 EDT 2013 FreeBSD 8.1-RELEASE-p13 Can't get it work. EDIT…. it seems that when I did an update it was corrupted.. did a fresh install it was good to go.

I did the same on my ESXi box, management interface on a private vSwitch with pfSense public IP facing. I'd suggest that once you get the pfSense box configured how you like it that you set the disk to non-persistent mode and that in the VM startup/shutdown options you set that VM as being the first to automatically start upon reboot.  With non-persistent set then if anything gets messed up in pfSense, bad configuration, it gets hacked, etc. you just have to remotely reboot the entire machine and you should come back up with a good working setup.

It was not a setting in PFSense, I found that I did not match my rDNS to the HELO address, rather to a requested hostname.  Sorry quys, thanks for the help. "I could not figure out how to delete thread."

Sounds like a broken network architecture. Without full details of both sides I can't provide any useful help.

I happened to have been confused by that error message yesterday also! The error text is fixed in 2.1-RC1.

I just had the exact same issue. I removed the rule for port = 0 and the "replay TV" and "start over" features of my CATV provider are now working fine :) Actually it seems to be from the same provider than darkm00n… I will try to contact my ISP/CATV provider about this issue but I fear they won't care about it :-\