Did you add a static route on the ADSL-Modem pointing to 10.1.0.1 for the 10.0.0.0/16 subnet? Because if you dont add a static route your modem has no clue that this subnet even exists and thus will always send the data to it's default gateway. –> To your ISP which will just drop these packets.

I have added this, but unfortunately it doesn't appear to make any difference. A reboot of pfSense is still required to restore functionality of the VPN.

My problem is thet I didnt add static route. Scenario: 1. I add  static route, bat everything is the same. 2. reboot pfsense end internet is stop working. 3. delete every nat end rules. 4. add nat end rules the same thet I add before delete. 5. everything is OK !!!!!! ;) I dont have Courage to reboot Pfsense again ! The reason for everything is thet I want to limits numbers of connection subnet 10.100.206.0/24 . What is default in Firewall: Rules: Edit Simultaneous client connection limit Maximum state entries per host Maximum new connections / per second State Timeout in seconds

Have you made the adjustments to your sip.conf file that are detailed in the following link? http://forum.pfsense.org/index.php/topic,8682.msg50287.html#msg50287 These changes help tell asterisk what its local network address is so that it is less likely to give the wrong internal address in the SIP packets.

First of all, UPnP and PMP is not the same. Those are different protocols for more or less the same thing. Currently pfSense only supports UPnP. Enable UPnP at the interface that your MAC is sitting behind (probably LAN) and don't use any restrictions for now (unless you feel/fear that you have some untrusted hosts inside your lan). Basically you have to enable it at the interface on which the host will communicate with pfSense. It will create firewallrules and portforwards at the lan interface for you automatically, so you don't have to configure something there. That's what UPnP is doing. Not sure if BTMM supports UPnP. Though I have Mac's (and love them) I never have used that feature yet as I use VPN-connections for this purpose and more. http://www.codingmonkeys.de/portmap/index.html is a free tool to easily test if UPnP is working.

Hi, Hoba, My problem Solved!!!  :D :D :D Yeah, the MTU figure problem. I put 1500 initially. Wow, thanks so much for this. Thank you so much. Kelvin

Maybe this is another thread which will come to the conclusion that running a firewall in a virtual machine is not a good idea  ;)

You tried it wrong Did you read this thread: http://forum.pfsense.org/index.php/topic,8700.msg48871.html#msg48871 ? You have an entry to redirect http://zenstudios.blogdns.org.zenstudios.blogdns.org right now. you need more something along the lines of this: <hosts><host><domain>psymia.mine.nu</domain>   <ip>10.0.0.10</ip></host></hosts> <hosts><host>www</host>   <domain>psymia.mine.nu</domain>   <ip>10.0.0.10</ip></hosts>

You don't need additional boxes. Hint: What is a carpcluster consisting of 2 machines with 1 dead machine? Yep, still working  ;D

Hi My setup is i have 2 nos of Linksys PAP2 adaptors, 2 nos of Polycom, 4nos of Grandstream phones in my office. My network id is 192.168.1.0 I have installed pfsense 1.2 in my system with Lan IP 192.168.1.1 One wan connection with static IP My trixbox server located in remote place i mean not in our office. i Have given pfsense ip as gateway for all phones. regards Krishna

Thanks Hoba! That's good news!

Yes, just that tickbos. Will work with portforwards but not with 1:1 nat.

Test-system: WAN: 192.168.20.5/29 LAN: 10.0.0.0/24 Server: 10.0.0.12 1: create VIP. 2: create 1:1 mapping 3: create firewall rules on LAN and WAN to allow traffic from and to the server IP. [image: carp.jpg] [image: 1to1.jpg]

The standard command port is 22. You will need to look at your cerberus config to find out which range it uses for data.

But if you already have multiple names, shouldnt you be able to distinguish them by this name(IP?), and just make some destination-based rule decisions? Yep, the trick is ascertaining the hostname that the client is requesting.  (We can't turn the problem around and do it based on the client IP as these people travel).  If it were simple HTTP then we could use the inbound load-balancer (I think) but since it's direct RDP we're trying to extract the same data from the RDP session instead.

This is sourcebased nat. This is not possible currently.

Comcast is blocking pptp.  I went to the customer remote site and connected perfectly. Thanks for the help

Turned off ftp-helper on all interfaces and added a port forward on the lan inteface for ftp port and a passive range and it works great :), thx.

0.0.0.0 & 10.122.17.x - external to your network?

Looks like that will solve the problem just fine. Thanks hoba!