Just wanted to let everyone know it wasn't a Pfsense problem, but a Barracuda Webfilter that was causing the problem, still not sure how, but it was the problem.

I only have the backend code which has to be applied to the firewall at every reboot. I dont write interface gui code. But I can walk a coder to what needs to be done in the gui to make it work with the backend. Until someone is willing to do ti its not worth my time and effort to do so.

Well you could do it like this:

Internal net: 10.1.1.128/25
External Net: 192.168.1.128/25

translates to

10.1.1.192/26  to  192.168.1.192/26
10.1.1.160/27  to  192.168.1.160/27
10.1.1.144/28  to  192.168.1.144/28
10.1.1.136/29  to  192.168.1.136/29
10.1.1.132/30  to  192.168.1.132/30
10.1.1.130/31  to  192.168.1.130/31
10.1.1.129/32  to  192.168.1.129/32

like this you dont have to create 125 rules but only 7

@tdickson:

I would love to use this feature to get around - or mitigate PPTP issues.
fricken seems to have hit a wall (either that or I can't figure it out)  and I have 90 public IP's I would love to randomize to help with PPTP connections…
You said you can set it up non-GUI?  I've been searching around, and this post (with no answer) is about as accurate as I can come by.
Any pointers are more than welcome.

have you managed to get this to work? I'm looking into doing the same thing…

Yes.
Search the forum for Advanced outbount NAT.

EDIT: sorry i just realized that LAN per default gets NATed to all Interfaces.
You shouldnt have to create any AoN rules.
It should just work.

I am still getting this problem, I don't know if anyone can help…

Thats very enlightening, it looks like that should do the trick, but it doesn't want to cooperate. I also tried static DNS mapping while I was at it and if I tried pinging the host in question, it would show the ip address I mapped statically, but the ping would time out. This made me wonder if I had a firewall rule stopping traffic from flowing, but I tried a basic config with all interfaces allowed to pass all traffic to  all other interfaces (all wildcards), but still nothing.

For now I'm content to use the local ip of the server when on the LAN, it's not that big a deal to have to remember.

Thanks for the help though!

Ah, including SSH in the search term was showing other irrelevant postings.  Thanks for pointing me to those.

To summarize for people who run into the same search pitfall:
If you are running 1.2RC3 or later, adding the following tag to the <system>tag within config.xml will increase the timeout:

<reflectiontimeout>3600</reflectiontimeout>

where 3600 is the number of seconds worth of timeout.

James</system>

I got it to work finally! Yihaa! Thanks for the hints and guidance sir!  ;D ;D ;D

Hmmm, I encountered something really annoying, when the alias and the rule are enabled I noticed that internet browsing is painfully slow including other normal internet related applications, I uninstalled squid and its still the same problem. When I disabled the rule the browsing speed returned to normal.

@heiko:

Here are some infomations…
http://doc.pfsense.org/index.php/Static_Port

Read the PPTP limitations on the Features page on www.pfsense.org.

It's being worked on in 1.3 right now, it looks like you will be able to connect multiple machines to the same external PPTP server by the time 1.3 is final. For now you can't, you can with other VPN protocols like IPsec, OpenVPN, L2TP, etc.

i´m sorry i dont understand what you meen, maby it´s just me but could you clarify what you want?

/f

You add it manually to the config.xml

Actually, you didn't read the information suggested. From Wikipedia:
A reason cited for rejecting this request relates to the lack of a published standards specification for CARP. The OpenBSD implementation is the closest thing to a formal specification of the protocol.
Here is some additional information, if you are interested:
http://www.packetmischief.ca/openbsd/doc/carp.html

Sorry, this is mirroring issue. If you hit 2.2.2.201:25 from any vlan interface then you will have source IP 1.1.1.4 in the packet received at 1.1.1.85.