Usualy it is something stupid. The firewall on local web server blocked traffic. Everything works like a charm. I fwded SSH and HTTP without any problem. Thanks.

Please use the search function. This has been asked numerous times. –> http://forum.pfsense.org/index.php/topic,5727.msg34562.html#msg34562

Thanks GruensFroeschli, I'll try with that in mind, but I think I'll make a virtual machine for this, don't want to mess with the coders again. If you remember anything more or find a guide or something please post it, it would be nice to fix this before we're going online with this Kind regards Quandion

I don't use bridged mode very often, but I generally plug a laptop directly into a bridged modem if I need to access it. There are numerous threads asking the same question you did. This might be a good place to start http://forum.pfsense.org/index.php/topic,5727.msg34562.html#msg34562

firewall –> rules --> WAN Modify the autogenerated firewall rule for your portforward. Probably the easiest is, if you create an alias containing all your sources you want to allow, and use this alias as "from".

push :-) Hi, does anyone has a suggestion on this one ? I do not get a clue. Thx :-)

FYI,           I found the issue. There were actually a few different problems. First, The webserver was referencing both private and public ip addresses that correspond to the private ip. Second, The firewall does not support NAT reflection unless you utilize port forwarding. The fix was easy. I setup all services to use port forwarding and enabled nat reflection under advanced options and also modified the lan rule source to * (any) to fix the problem. What gave it away was that the webserver (with ipcop in front of it) could access webpages via the public ip. and with pfsense it could not. PFsense does some actual sessioning versus ipcop providing only basic nat. PFsense was not the issue!!

For future reference, I added some information on this to the FAQ section of the Doc Wiki http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

No, just the one box, the two points on the ascii diagram were the two 'interfaces' of the 1 pfsense box. I have the vpn access to allow two computers to connect up remotely and talk to each other but not to my lan. the idea with the nat was to create access to a service on my lan without giving them full lan access, and without requiring them to use me as a default gateway. here is a screen shot of three rules. I used telnet in this example. The top rule works from my wan IP but then everyone could access it. The two rules below don't seem to work [image: nat.PNG_thumb] [image: nat.PNG]

i've experienced exhausting our state table before and we have found the culprit. it was a ddos attack on port 445. ever since we disabled port 445 on our windows systems, state exhaution never happened again. it somehow cured the problem but the internet connectivity would still get interrupted occassionally. this gave me doubts on NATing a large network. the only solution i do for now is to reset the state table although it never even consumes half of the maximum that i set.

doh! You are absolutely correct. All the instances where I (incorrectly) thought this was happening has squid installed.

That reflection stuff is hard … http://forum.pfsense.org/index.php/topic,14572.0.html

I did this and now it works fine… http://doc.pfsense.org/index.php/Static_Port

I find it. /etc/inc/filter.inc add $rules .= "set timeout tcp.established 3600\n"; and $rules .= "set timeout tcp.closing 60\n"; before line $rules .= "\n"; /* User defined maximum states in Advanced menu. */ $rules .= "set limit states {$config['system']['maximumstates']}\n"; } $rules .= "set timeout tcp.established 3600\n"; $rules .= "set timeout tcp.closing 60\n"; $rules .= "\n"; and DC, eMule, uTorrent works well.

More info:  The change that is doing it is when I switch the default LAN -> Any firewall rule from the default gateway to the "WAN1 -> WAN2 Failover".

You can only do that with ICMP and NAT when using 1:1.