I don't know exactly why but everything is ok:) Now I can ping the OPT1 interface from the laptop and the nat working too. I think a reboot needed. First I didn't reboot the pFsense. But when I turn on the pFsense the existing config everithing is works fine! Thanks your help!

Thx. for info.

The connection on the external is a 100mb cable modem connection from Shaw Bigpipe.  I have changed the IP's so they dont reflect my ip's.  Basicaly I have the Bigpipe modem going into the pfsense external interface and the secondary pfsense interface going into a hardware router.  The hardware router will be configured with the 69.244.194.146 address.  I need to be able to ping this from the outside world going through the pfsense router.

it worked ;D ;D :D :D

wtf O_o i tried the exact same thing but didnt get it to work. i've read some stuff about you cannot bridge WLAN because multiple MAC's on the same device in a WLAN lead to discarded frames. maybe i should try once more :) did you find somewhere a howto? i have the regedit-changes i need to do. possible that i did something completly wrong >_>

pfSense does not provide NAT-T support. but you can use the Cisco VPN client through pfSense and it should work without a problem. (at least i never had any problems with cisco vpn client)

Thanks a lot for your interest anyways…  ;)

If you only serve incoming requests the state will handle the returning traffic as well, so you don't need outbound nat. Try VIPs type proxyARP or CARP if you need layer2 traffic for these IPs. If you ISP is routing these IPs to you anyway type other will work too.

no. but you can create an alias.

long waited?  It's been answered many times. pfSense does not have NAT-T support.

I changed the setting in the firewall.  It looks like IIS7.0 on my Vista workstation needs to be reloaded.  It looks like I killed it.  I will give you a update after I reload IIS. RC

I finally found the answer… I had to setup CARP interfaces for each of the virtual IP's and then the NAT port forwarding worked just fine. BTW... I also found that I had to specify the same subnet mask for each CARP interface or it wouldn't work. For example: My main interface is XXX.XXX.XXX.98/27 My CARP interfaces had to be: XXX.XXX.XXX.99/27 to XXX.XXX.XXX.104/27

Great to hear so far.  I'm about to install this on a permanent box, and I'm hoping for the best. I have a range of about 13 IP's or so that I can dedicate to the students, so I may NAT their entire subnet to that range of IP's. I'm glad to hear that I'm not crazy and that others have had problems with FreeBSD freezing under heavy IPFilter loads as well.  I thought it was something I was doing wrong.

@cardinalweb: Hopefully someone can clarify, from what I can tell from the forum and other responses is it true that NAT Reflection will NOT work on Virtual IP Addresses that have been assigned through NAT 1:1, BUT it will work on any addresses you setup within NAT port Forwarding? that's correct. I'm locking this thread though, since it discusses issues about a year and a half ago it's largely no longer relevant to any currently supported versions. If you have further questions please start a new thread.

Not sure if you've figured it out (as title now says solved), but it occurred to me that you might have meant Proxy-ARP and not CARP by PARP. While CARP addresses should have the correct mask, Proxy-ARPs added as you show should have be added as 'single address' /32.

Maybe you don't even need VIPs. If you really just want to make one machine available to the public add a portforward with appropriate firewallrule (let it be autogenerated). I think you are overcomplicating things here.

@GruensFroeschli: do you want to 1:1 NAT or just normal NAT? normal NAT or if possible 1:1 NAT, i could try both and see which one will work better, thanks.

why do people post the same thing in two different threads? attached you can see an example of NAT and FireWall rule (which is autocreated when you create the NAT entry) the server that should be accessible has the IP 172.22.30.200 and runs on port 81. if you want to run your server on port 80 you need to change the webgui of pfsense to a different port. if you dont want to do that you can create a Virtual IP in your subnet on WAN and 1:1 NAT this VIP to your server. the server is then accessible via this VIP [image: freenas_webgui_nat.JPG] [image: freenas_webgui_nat.JPG_thumb] [image: freenas_webgui_fw.JPG] [image: freenas_webgui_fw.JPG_thumb]