@Ih4t3MS: … all requests appears to come from the firewall (internal IP). ... returns the internal ip of the firewall.... I am also having a similar issue. Did you achieve a resolution to this problem?

Can you show screenshots your firewall rules and your (outbound and inbound) NAT rules?

I have the same issue here at home. Its a great inconvenience and was wondering if a fix was being worked on. other than that i love PFSense.

OK. Thanks for that. I'll have to plumb the depths of his brain for how to do what I want to do… There'll be no working with him now... Talk about gloating opportunity ;-)

Go to System: General Setup and enter a number other than 80 for webGUI port (or check HTTPS for WebGUI protocol) and Save, Apply. Port 80 won't forward if pfsense is already listening on it. Go to Firewall:Virtual IP Address and create entries for 192.168.0.14/31 and 192.168.0.16 Save, Apply. pfsense has to know that your WAN is assuming those IP addresses. Go to Firewall: NAT: Port Forward and create an entry for WAN any TCP http 172.16.1.174 http Auto-add, Save, Apply. pfsense has to be told to forward your http port and to what internal address. db

What do you mean you cannot open ports to OPT1? What are you trying to do and how are you testing this? What doesnt work? Can you post screenshots of your firewall and NAT rules?

Okay..thanks for clearing that up. Cheers..

http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

So .. if i want this to work i must have 2nd static ip to bind it with my second domain ? and pfsense can understand the request so can route the ssh port deopends the domain(static ip) ?

Dunno why, but it didn't even occur to me to do this thru the firewall rules…  smack. Thanks for pointing out the obvious! Eric

:o i think i'll wait until someone fix this  ;D i'm not enough skilled to put hands on configuration files  ;) Thanks, Speck

version: 1.2.3 RC-1 my lan ip of my server: 192.168.1.158 (static lease) only changes i have made since install is to change my dhcp server to only lease 100->155 instead of 199, so that i could staticly lease 158. i have just removed 1.2.3RC1 and installed 1.2.2 and it works perfect so … i dont know what the problem was but it is working now

Looks like snort was causing all the mess, I shut it down and now everything is okay. However this isn't a solution, I really need snort. Any ideas? I really can't find any rules which would block traffic…

I'm afraid what I want to do is a little most specific though.  Lets say you already had all traffic on external port 3389 forwarded to port 10000 on host 192.168.2.3.  Let's say you also had all traffic on external port 443 forwarded to port 443 on host 192.168.2.3.  What I'd want to do at this point is forward all traffic from only host_a on port 443 to port 10000 on host 192.168.2.3. PF can handle this, since it evaluates NAT rules from the top down, stopping at whichever the first matching rule is (in contrast to rule evaluation, where the last matching rule wins).  So there's no chance of a conflict between the "all traffic" rule and the host-specific rule.  As with many things PF, you just had to be careful about the order of things.  But then if you've ever dealt with any kind of ACL, that's just how they roll. Anyways, I know this is a kind of specific request, but it's one of two things keeping me from all-out switching to pfsense from openbsd.  I'm so used to having ridiculously fine control of PF, it's hard to give up.  Even with how sexy pfsense is.

That helped :)