http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

So .. if i want this to work i must have 2nd static ip to bind it with my second domain ? and pfsense can understand the request so can route the ssh port deopends the domain(static ip) ?

Dunno why, but it didn't even occur to me to do this thru the firewall rules…  smack.

Thanks for pointing out the obvious!

Eric

:o i think i'll wait until someone fix this  ;D

i'm not enough skilled to put hands on configuration files  ;)

Thanks,

Speck

version: 1.2.3 RC-1
my lan ip of my server: 192.168.1.158 (static lease)
only changes i have made since install is to change my dhcp server to only lease 100->155 instead of 199, so that i could staticly lease 158.

i have just removed 1.2.3RC1 and installed 1.2.2 and it works perfect so … i dont know what the problem was but it is working now

Looks like snort was causing all the mess, I shut it down and now everything is okay. However this isn't a solution, I really need snort. Any ideas? I really can't find any rules which would block traffic…

I'm afraid what I want to do is a little most specific though.  Lets say you already had all traffic on external port 3389 forwarded to port 10000 on host 192.168.2.3.  Let's say you also had all traffic on external port 443 forwarded to port 443 on host 192.168.2.3.  What I'd want to do at this point is forward all traffic from only host_a on port 443 to port 10000 on host 192.168.2.3.

PF can handle this, since it evaluates NAT rules from the top down, stopping at whichever the first matching rule is (in contrast to rule evaluation, where the last matching rule wins).  So there's no chance of a conflict between the "all traffic" rule and the host-specific rule.  As with many things PF, you just had to be careful about the order of things.  But then if you've ever dealt with any kind of ACL, that's just how they roll.

Anyways, I know this is a kind of specific request, but it's one of two things keeping me from all-out switching to pfsense from openbsd.  I'm so used to having ridiculously fine control of PF, it's hard to give up.  Even with how sexy pfsense is.

That helped :)

Double check that you are allowing the traffic in the firewall rules from any address and any source port. Run shields up on the ports you have forwarded and look at the firewall logs to see if anything is blocked.

Let's make this simpler.  I've read - I don't understand.  I've searched, but not for said topic of splitting the dns.  I searched for the modem model and also for port forwarding, and turned up nothing that helped.  If you like I can PM you and have you connect to my machine via RD or some other method and you can attempt to fix it yourself.  That would make life a lot easier.  In any case, I'll read the second thread you linked and see if it helps.  Waiting on your reply, and thanks.

I use XenServer not VM-Ware but ran into a similiar situation.  What was happening was the NAT to firewall rul was not being built correctly.  Shortly after that a new release hit and I have never had any other trouble.

Check your rules to make sure that they are being built correctly
RC

So you just want to have internally a different port than is open externally on the pfSense?

Yes pfSense can do that.
Did you try to set such a NAT-rule and it didnt work?
(Acutally did you even look at the NAT-config page?)