Nope, switched it back to https and left the port default and all i get when i got the the web address is a white blank screen. Which I am assuming is the pfsense install.

Hello thanks, made a change to the configuration. Now the SSL-VPN is in the DMZ and surpringly it now works. Tried to check all differences. Only special thing was a suspicious DHPC reservation for the laptop. Still wonder what the problem was.. regards, Hans

Just a dumb question but in the "Interfaces -> Wan" settings are the "Block private networks" and / or "Block bogon networks" check-boxes checked??? If so try un-checking them and see if it helps… gm...

I personally have the same problem and I do understand the uncheck VPN default gateway option on the client. However there are employees not capable of doing this there are peoples that simply would prefer to connect and browse their site from VPN without unchecking that option in pptp VPN, … Bottom line is it should be pretty simple to add to the code an option to allow proxy arp on the pptp interface. Is there a way to do it ?

And if you rearrange the drawing a bit you'll see: ┌───────┐                      ┌───────┐              ┌──────┐    –WAN--┤ pfSense ├--LAN---(WAN)--┤ untangle ├--(LAN)--┤ switch ├--(local subnet)-...               └───────┘                      └───────┘              └──────┘ You said you can reach the Untangle box's SSH port from local subnet side. Are you sure it is reachable from its WAN side (or whatever it's called) as well? This would explain your problems at least. But to be honest I don't know a thing about an 'Untangle' box so maybe I am totally off track.

Dude you're doing it all wrong, this exact same thing happened to me a few days ago coz of what I've read in the monowall documentation regarding 1:1 NAT, it's not complete. Although you can mix port forwarding rules with 1:1 NAT, it is not necessary as long as you have that many public ip's available. This is the procedure you should follow: 1. Create the Virtual Ip's. 2. Mapped the public ip's to the virtual ip's you've created in step 1. 3. Finally create firewall rules allowing a particular service that your server will be providing, (let's say that is a  web server) create a firewall rule in your WAN interface allowing tcp port 80 from anywhere to the private ip address of the web server. e.g. TCP  *  *  192.168.1.2  80(HTTP)  * You also ought to read this thread about 1:1 NAT -> http://forum.pfsense.org/index.php/topic,6965.0.html HTH

Finally I was able to make 1:1 NAT work by following this thread –> http://forum.pfsense.org/index.php/topic,6965.0.html maybe I was stressed out yesterday that it's why I can't make it to work coupled by the rustiness of not using pfSense for more than a year.  ;D now if only I can make the DNS point to correctly in order to receive mails, currently only outgoing mails is working.

Well the reason i was asking is because Skype was not working on my Mac Mini and I suspected everything.  I could hear fine but could not manage to get my microphone audio to work.    It appears that the newer Mac Minis do not have audio input working even though there is a plug labeled audio in. So I shoulda figured, my little BSDy is working like a champ as usual. Skype audio from the test call was excellent.

i have some experience with pf from running a openbsd firewall, but not to much on the NAT/RDR part, im guessing a rule like this would suffice: rdr pass on $wlan_if inet proto tcp from any to any port www -> $squid_server port $squid_port But i wanted to do it in the web gui as you said, configuring from the command line is not supported :( Is there a file or something that can contain custom rules?

Fixed it with the below settings … Sorry I just did not know how to make static ports actually work. [image: 4.GIF] [image: 4.GIF_thumb]

It's not a firewall rule you have to setup to make your adapter use always the same connection, you have to manually create a NAT Table for this IP address, see the NAT configuration page and the "Outgoing" tab. This is probably your problem, the load balancing try to swing the connection from WAN to WAN, but get blocked by the firewall 2/3 of the time. You shouldn't have to create firewall rule to allow communication to Vonage, as long as you have a rule that Allow any connection from lan to WAN. Give the outgoing NAT a try, I can't help you more than than I never played with outgoing NAT I always used Automatic, because I only have one WAN.

I hav proceed to more tests, and on new issue is that, from the client 192.42.14.198 (LAN2), i can't traceroute the pfsense gateway, and from the pfsense gateway, i can't traceroute the client on LAN2. The traceroutestop à my LAN1/LAN2 gateway, but the ping  works!! Can it com]e from my LAN1/LAN2 gateway? here is its configuton : qw-14:/home/jerome# ifconfig eth0      Lien encap:Ethernet  HWaddr 00:50:04:1D:B0:7C            inet adr:192.168.1.214  Bcast:192.168.1.255  Masque:255.255.255.0           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:2140 errors:0 dropped:0 overruns:0 frame:0           TX packets:766 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 lg file transmission:1000           RX bytes:179096 (174.8 KiB)  TX bytes:89501 (87.4 KiB)           Interruption:11 Adresse de base:0xa000 eth1      Lien encap:Ethernet  HWaddr 00:01:03:03:9F:AF            inet adr:192.42.14.254  Bcast:192.42.255.255  Masque:255.255.0.0           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:501 errors:0 dropped:0 overruns:47 frame:0           TX packets:117 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 lg file transmission:1000           RX bytes:69929 (68.2 KiB)  TX bytes:10950 (10.6 KiB)           Interruption:5 Adresse de base:0x2400 qw-14:/home/jerome# route Table de routage IP du noyau Destination    Passerelle        Genmask          Indic  Metric  Ref    Use  Iface 192.168.1.0    *                    255.255.255.0    U        0        0        0    eth0 192.42.0.0      *                      255.255.0.0        U        0        0        0    eth1 default          192.168.1.254  0.0.0.0              UG      0        0        0    eth0 qw-14:/home/jerome# cat /proc/sys/net/ipv4/conf/all/forwarding 1

http://forum.pfsense.org/index.php/topic,7001.0.html

Please make a screenshot of the firewall rules and any related nat rules.

alright; I unchecked the NAT reflection box, and that did the trick. ugh, that was driving me nuts, so I thank you guys a lot.

well, I think I got things figured out; I waited a bit after I made the port forwards; and everything works; I guess it's just not instant, is all.