• NAT Config help

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    M

    I have some experience with pf from running an OpenBSD firewall, but not too much on the NAT/RDR part. I'm guessing a rule like this would suffice:

    rdr pass on $wlan_if inet proto tcp from any to any port www -> $squid_server port $squid_port

    But I wanted to do it in the web GUI as you said, configuring from the command line is not supported :(

    Is there a file or something that can contain custom rules?

  • SIP Issues

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    B

    Fixed it with the below settings … Sorry I just did not know how to make static ports actually work.

    4.GIF

  • Configuring for Vonage - cross post from Firewalling

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    It's not a firewall rule you have to set up to make your adapter always use the same connection; you have to manually create a NAT table for this IP address. See the NAT configuration page and the "Outgoing" tab.

    This is probably your problem: the load balancing tries to swing the connection from WAN to WAN, but gets blocked by the firewall 2/3 of the time.

    You shouldn't have to create a firewall rule to allow communication to Vonage, as long as you have a rule that allows any connection from LAN to WAN.

    Give the outgoing NAT a try. I can't help you more than that; I never played with outgoing NAT, I always used Automatic, because I only have one WAN.

  • Need help with complex Multi-WAN

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • NAT for a not-directly connected subnet

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    E

    I have proceeded to more tests, and one new issue is that, from the client 192.42.14.198 (LAN2), I can't traceroute the pfSense gateway, and from the pfSense gateway, I can't traceroute the client on LAN2.
    The traceroute stops at my LAN1/LAN2 gateway, but the ping works!!

    Can it come from my LAN1/LAN2 gateway? Here is its configuration:

    qw-14:/home/jerome# ifconfig
    eth0      Lien encap:Ethernet  HWaddr 00:50:04:1D:B0:7C
              inet adr:192.168.1.214  Bcast:192.168.1.255  Masque:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2140 errors:0 dropped:0 overruns:0 frame:0
              TX packets:766 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 lg file transmission:1000
              RX bytes:179096 (174.8 KiB)  TX bytes:89501 (87.4 KiB)
              Interruption:11 Adresse de base:0xa000
    eth1      Lien encap:Ethernet  HWaddr 00:01:03:03:9F:AF
              inet adr:192.42.14.254  Bcast:192.42.255.255  Masque:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:501 errors:0 dropped:0 overruns:47 frame:0
              TX packets:117 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 lg file transmission:1000
              RX bytes:69929 (68.2 KiB)  TX bytes:10950 (10.6 KiB)
              Interruption:5 Adresse de base:0x2400
    qw-14:/home/jerome# route
    Table de routage IP du noyau
    Destination     Passerelle      Genmask         Indic  Metric  Ref  Use  Iface
    192.168.1.0     *               255.255.255.0   U      0       0    0    eth0
    192.42.0.0      *               255.255.0.0     U      0       0    0    eth1
    default         192.168.1.254   0.0.0.0         UG     0       0    0    eth0
    qw-14:/home/jerome# cat /proc/sys/net/ipv4/conf/all/forwarding
    1
  • MultiWAN + 1:1 NAT…

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Dmz mailserver

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    http://forum.pfsense.org/index.php/topic,7001.0.html

  • Migrating from ios

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • STRANGE CASE?! SYN_SENT:CLOSED Dual-WAN/NAT

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    S

    Please make a screenshot of the firewall rules and any related nat rules.

  • 0 Votes
    6 Posts
    3k Views
    M

    Alright; I unchecked the NAT reflection box, and that did the trick.

    Ugh, that was driving me nuts, so I thank you guys a lot.

  • Bonded T1 = 2 IP Range on WAN Port

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Portforwarding, with a bridge from the LAN to OPT1(wireless)

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    M

    Well, I think I got things figured out; I waited a bit after I made the port forwards, and everything works. I guess it's just not instant, is all.

  • How to properly do a 1:1 - public to private?

    Locked
    6
    0 Votes
    6 Posts
    9k Views
    dotdashD

    The order is correct. Setting up a Virtual IP is basically telling the firewall to accept the traffic coming in on that IP. For example, if the firewall's WAN address was 1.1.1.6 and you had a server behind the firewall that you wanted to get traffic sent to 1.1.1.1, you would have to tell the firewall that it is also using that IP address. Otherwise, the traffic comes in from your ISP's router and the firewall ignores it.
    See
    http://en.wikipedia.org/wiki/Address_Resolution_Protocol
    and http://en.wikipedia.org/wiki/Proxy_ARP

  • Cannot forward HTTP/Port 80

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    R

    Fixed. Thanks..

  • Basic NAT / 1:1 Setup Question

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D

    OK - that was fun figuring out….  It's a squid issue.  I reinstalled everything and started from scratch w/out any packages installed.  I got everything working great and then when I installed squid all 1:1 NAT reverted back to the router IP.

    So, now that I have that figured out, is it possible to run 1:1 NAT with squid, meaning, can I 1:1 NAT public IPs to private network IPs and proxy port 80 requests through squid (and still retain the public IPs)?  I hope that question makes sense...

    thx

  • How to redirect some website to pfsense local squid proxy?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    M

    You should post your question in packages.  To redirect only certain traffic to squid proxy you'll need to edit squid.inc by hand and create an alias that will build your table.  Take a look at this post:

    http://forum.pfsense.org/index.php/topic,6439.0.html

    (note that squid package was updated since above post so inc file might look a little different now)

  • Port not open? Only filtered?

    Locked
    20
    0 Votes
    20 Posts
    10k Views
    M

    UPDATE:

    I've managed a double NAT in active ftp in some way..
    I've set the "ForcePassiveIP" parameter in pure-ftpd to the external address outside the network the server is on (192.168.1.1) in order to get passive on m0n0wall working. I've now tried to set up the pfSense too, and it seems to have paid off! :) Passive FTP is working through the pfSense box now, I'm going to troubleshoot the passive connection in the meantime..

    I've tested through SSH on an external server

    server <------------->  pfsense/m0n0wall <-------------------------> routermodem (PPPoE)
    10.0.0.4                    10.0.0.138/192.168.1.1                                85.167.x.x

    Like I said, this is with double NAT. I have no idea why the bridge on the modem, and the PPPoE on the pfSense didn't work. Neither how the ForcePassiveIP parameter affected the active FTP-connection with the server..

    Though, it does not work through the simple external FTP-tester I've been using a lot, including the SSH of course.
    http://www.g6ftpserver.com/en/ftptest

    To others experiencing the same issue:
    Configure passive connection on your FTP-server and force the passive IP to the external IP from the network you're in. (above)

    Though again. This configuration may be trouble for my CStrike connection. I will need to test out that too..

  • Port forward on dual WAN

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Second LAN not being port-forwarded

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    enable NAT-reflection

  • Best Practice? 1 WAN in 2 Interfaces out, Bridge 1 or 2? NAT 1?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P

    Ok, well I'll ask this then..

    How can I get DHCP on my WAN address to pass thru a filtered bridge onto both the OPT1 and OPT2 internal adapters?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.