You don't need additional boxes.

Hint: What is a carpcluster consisting of 2 machines with 1 dead machine? Yep, still working  ;D

Hi

My setup is

i have 2 nos of Linksys PAP2 adaptors, 2 nos of Polycom, 4nos of Grandstream phones in my office.

My network id is 192.168.1.0

I have installed pfsense 1.2 in my system with Lan IP 192.168.1.1

One wan connection with static IP

My trixbox server located in remote place i mean not in our office.

i Have given pfsense ip as gateway for all phones.

regards

Krishna

Thanks Hoba!

That's good news!

Yes, just that tickbos. Will work with portforwards but not with 1:1 nat.

Test-system:
WAN: 192.168.20.5/29
LAN: 10.0.0.0/24
Server: 10.0.0.12

1: create VIP.
2: create 1:1 mapping
3: create firewall rules on LAN and WAN to allow traffic from and to the server IP.

The standard command port is 22.
You will need to look at your cerberus config to find out which range it uses for data.

But if you already have multiple names, shouldnt you be able to distinguish them by this name(IP?), and just make some destination-based rule decisions?

Yep, the trick is ascertaining the hostname that the client is requesting.  (We can't turn the problem around and do it based on the client IP as these people travel).  If it were simple HTTP then we could use the inbound load-balancer (I think) but since it's direct RDP we're trying to extract the same data from the RDP session instead.

This is sourcebased nat. This is not possible currently.

Comcast is blocking pptp.  I went to the customer remote site and connected perfectly.

Thanks for the help

Turned off ftp-helper on all interfaces and added a port forward on the lan inteface for ftp port and a passive range and it works great :), thx.

0.0.0.0 & 10.122.17.x - external to your network?

Looks like that will solve the problem just fine. Thanks hoba!

Thanks  :)

oh my god… that did it!!!

this simple thing took me several hours, very much coffee and much more cigarettes... ;)

thank you very much!!!!!!

regards, sebastianus

Unfortunately, those servers behind pfSense Box are not able to set default gateway of 192.200.9.7. Due to this problem, I'm planning implement a Reverse Proxy (Pound) after pfSense box. From my noob understanding, with reverse proxy attached to the network, default gateway(192.200.9.7) is not required to be set on those servers…. am I rite??? ??? ??? Thanks for feedback...!!

HOBA, as always, thanks again as you resolved it for me.  From what I just experienced, pfSense is much "pickier" than something like Linksys.  All this worked using Linksys - even with changed RDP port on client machines.  pfSense is however, also MUCH more flexible.  Your advice on not changing default port in the RDP example was right on.  I changed all my LAN workstations back to default 3389 and just did NATTING of the port externally.  Not only is this less administration on each workstation, but it is also much cleaner.

I also learned that maybe ports below the 1024 (e.g. 0327 in my case) does not work, so use above that as you suggested and it worked!  Maybe it is a pfSense or BSD thing, but it is just something to remember.

Thanks again!

that makes sense now, I was certainly still using NAT 1:1 at that time without reverse-proxying the ftp server.
thank you!

Check http://devwiki.pfsense.org/PfSenseDevHome for some developement related info. Also Try to learn from one of the other packages. You can check them out here: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/tools/packages/

No, I can't I don't have the old wrap board anymore. And yes, I'm running the "new" ALIX board.