:)

nothing gets blocked.

The rule looks good. That will map any traffic from that host to that IP. If you only want smtp for example you could add that to the rule too. Make sure it's above the default lan to wan rule in the list. You need manual outbound nat to be turned on or it won't use your manually entered rules.

Mainly lack of interest/need I think. Posting a bounty could always help.

Agreed  :)

Looks like that got it.  Thanks for the info.

well, rebooting pfsense for another task has also fixed this.. thanks

I'll give it a try.  Hopefully I only have to put one firewall entry in. EDIT:  That did it.  Seems to be working fine now.  I only had to use one firewall entry too.  So 2 NAT and 1 firewall with tcp/udp.

Looks like your ftpserver hands out his private IP to the client. Check your ftpserver's manpage to see how to make it aware of it's public IP.

Sounds like a wrong subnetmask or a wrong gateway IP to me on Interfaces>WAN

Thanks  ;)

Reply to myself… Some more info on the subject. This is what I would like to do, but in pfSense. Doable? http://www.mail-archive.com/misc@openbsd.org/msg13901.html and the answer in this case: http://www.mail-archive.com/misc@openbsd.org/msg14011.html

I just encountered this same issue with a Verizon business connection (FiOS, not DSL), and found that using CARP instead of ProxyARP also seems to work, without having to cycle your WAN IP.

look at this post http://forum.pfsense.org/index.php/topic,5748.0.html

keyword: VIP (as in Virtual IP) the search function in the top-bar. http://pfsense.com –> Documentation Also you can install pfSense on your IP330 (again: search function of the forum)

So far so good, things have not gone down since converting to carp.

keyword: policy routing Create a rule at the top of LAN with "source" your IP and "gateway" the interface you want the taffic originating from.

Great thanks so much for your helpfull advice  ;D

Reset states is only needed if you are adding a block rule and you have the suspicion that some connections might already be established that you want to be dropped. Btw, if you click on the block icon in front of the line of the firewalllog you will get a notification which rule triggered this block ;)

May I suggest that you start reading about networking? A possible start could be here: http://en.wikipedia.org/wiki/IP_address http://en.wikipedia.org/wiki/Subnetwork http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing but it's not limited to that. And no, I didn't say your problems arise from false subnetting. Wikipedia has an article about NAT (Network address translation) as well.