Hello,

I work in a spanish University. I have a network topology like yours, with now, everything working.

If you still need help, I can help you.

Bye

@GruensFroeschli:

I would use 1:1 NAT only if you need a really large amount of ports on a server.
For everything else i'd use normal forwardings.
For the FTP to work correctly hoba wrote in several placed how to do it right (like here: http://forum.pfsense.org/index.php/topic,8464.msg47487.html#msg47487 ).

If you use 1:1 NAT you can no longer use the IP for other "normal" forwardings.

Or is your question if you can use 1:1 NAT for some IP's but normal forwardings for others?
–> yes.

Are all the FTP problems faced when accessing FTP from Internet?  I did not do anything besides the stock settings and yet, I have no trouble with secured as well as unsecured FTP using an IPSEC connection or PPTP connection over the internet.

Thanks

ok thanks, i will give it a look this weekend.

This is not doable through the gui currently (not sure if it's doable at all).

Delete that portforward for 8080 and the firewallrule it created for it. Then readd the portforward making sure the firewallrule autocreate tickbox is still enabled. If that doesn't help either review your firewall rules at WAN. The order is important and in case you have some custom block rules there and the firewallrule is created below that one it won't match. If that still doesn't help edit the firewallrule and check the log option. Then retest and check your firewallogs at status>systemlogs, firewall.

I would drop the dsl router and build a dualwan pfSense. For the public IPs in the DMZ just use a bridged interface. That would make 4 interfaces in the pfSense then: WAN, WAN2, LAN, bridged DMZ.

Search is your friend…..

http://forum.pfsense.org/index.php/topic,8562.0.html

Great, thanks so much.

;D

normal nat (portforward) is just a single port or a portrange of a specific protocol inbound. 1:1 means that all ports and all protocols are forwarded inbound and outbound to that IP. Both variants still need firewallrules for traffic to pass of course.

The best solution, IMO, would be to run both WANs to your pfSense and scrap the Checkpoint. Then you could have OWA on both WANs without messing with the server config…

I'm guessing by the stony silence this question has accumulated, this isn't something that pfsense is going to help me with.

In the meantime, I came up with an alternate solution.  I setup a vpn connection to my internal server using OpenVPN.  I created a new interface with the external host's IP.  I setup a route for that IP from my workstation across the vpn.

So, whenever I need to take over the external site's IP, I activate the vpn connection.

I supposed using a proxy server on the pfsense box would be a way to go to keep the solution on the firewall box.

Jim

:)

nothing gets blocked.

The rule looks good. That will map any traffic from that host to that IP. If you only want smtp for example you could add that to the rule too. Make sure it's above the default lan to wan rule in the list. You need manual outbound nat to be turned on or it won't use your manually entered rules.

Mainly lack of interest/need I think. Posting a bounty could always help.

Agreed  :)

Looks like that got it.  Thanks for the info.

well, rebooting pfsense for another task has also fixed this..
thanks

I'll give it a try.  Hopefully I only have to put one firewall entry in.

EDIT:  That did it.  Seems to be working fine now.  I only had to use one firewall entry too.  So 2 NAT and 1 firewall with tcp/udp.