Thanks  :)

oh my god… that did it!!! this simple thing took me several hours, very much coffee and much more cigarettes... ;) thank you very much!!!!!! regards, sebastianus

Unfortunately, those servers behind pfSense Box are not able to set default gateway of 192.200.9.7. Due to this problem, I'm planning implement a Reverse Proxy (Pound) after pfSense box. From my noob understanding, with reverse proxy attached to the network, default gateway(192.200.9.7) is not required to be set on those servers…. am I rite??? ??? ??? Thanks for feedback...!!

HOBA, as always, thanks again as you resolved it for me.  From what I just experienced, pfSense is much "pickier" than something like Linksys.  All this worked using Linksys - even with changed RDP port on client machines.  pfSense is however, also MUCH more flexible.  Your advice on not changing default port in the RDP example was right on.  I changed all my LAN workstations back to default 3389 and just did NATTING of the port externally.  Not only is this less administration on each workstation, but it is also much cleaner. I also learned that maybe ports below the 1024 (e.g. 0327 in my case) does not work, so use above that as you suggested and it worked!  Maybe it is a pfSense or BSD thing, but it is just something to remember. Thanks again!

that makes sense now, I was certainly still using NAT 1:1 at that time without reverse-proxying the ftp server. thank you!

Check http://devwiki.pfsense.org/PfSenseDevHome for some developement related info. Also Try to learn from one of the other packages. You can check them out here: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/tools/packages/

No, I can't I don't have the old wrap board anymore. And yes, I'm running the "new" ALIX board.

Hello, I work in a spanish University. I have a network topology like yours, with now, everything working. If you still need help, I can help you. Bye

@GruensFroeschli: I would use 1:1 NAT only if you need a really large amount of ports on a server. For everything else i'd use normal forwardings. For the FTP to work correctly hoba wrote in several placed how to do it right (like here: http://forum.pfsense.org/index.php/topic,8464.msg47487.html#msg47487 ). If you use 1:1 NAT you can no longer use the IP for other "normal" forwardings. Or is your question if you can use 1:1 NAT for some IP's but normal forwardings for others? –> yes. Are all the FTP problems faced when accessing FTP from Internet?  I did not do anything besides the stock settings and yet, I have no trouble with secured as well as unsecured FTP using an IPSEC connection or PPTP connection over the internet. Thanks

ok thanks, i will give it a look this weekend.

This is not doable through the gui currently (not sure if it's doable at all).

Delete that portforward for 8080 and the firewallrule it created for it. Then readd the portforward making sure the firewallrule autocreate tickbox is still enabled. If that doesn't help either review your firewall rules at WAN. The order is important and in case you have some custom block rules there and the firewallrule is created below that one it won't match. If that still doesn't help edit the firewallrule and check the log option. Then retest and check your firewallogs at status>systemlogs, firewall.

I would drop the dsl router and build a dualwan pfSense. For the public IPs in the DMZ just use a bridged interface. That would make 4 interfaces in the pfSense then: WAN, WAN2, LAN, bridged DMZ.

Search is your friend….. http://forum.pfsense.org/index.php/topic,8562.0.html

Great, thanks so much. ;D

normal nat (portforward) is just a single port or a portrange of a specific protocol inbound. 1:1 means that all ports and all protocols are forwarded inbound and outbound to that IP. Both variants still need firewallrules for traffic to pass of course.

The best solution, IMO, would be to run both WANs to your pfSense and scrap the Checkpoint. Then you could have OWA on both WANs without messing with the server config…

I'm guessing by the stony silence this question has accumulated, this isn't something that pfsense is going to help me with. In the meantime, I came up with an alternate solution.  I setup a vpn connection to my internal server using OpenVPN.  I created a new interface with the external host's IP.  I setup a route for that IP from my workstation across the vpn. So, whenever I need to take over the external site's IP, I activate the vpn connection. I supposed using a proxy server on the pfsense box would be a way to go to keep the solution on the firewall box. Jim