From pm discussion, I've confirmed those ports aren't really open on his firewall, and it's behaving as his shown firewall ruleset should, proving it was something to do with the network of the person who scanned him originally.

There is an ftp-helper build in that you can enable/disable per interface for these kind if situations. Besides that no other protocol is proxied to rewrite IPs.

Others have asked about this a few times in the past, and numerous times on the m0n0wall list, and nobody has ever been able to find a solution. It's certainly a desirable feature, if you can find a way to implement it I'm sure patches would be accepted.

Nice. Thanks for the feedback  :)

Now, i know what the problem is.

My brother's isp is using SIP and ichat is also using SIP so there's conflict.

I don'y know if someone have a solution ?

Thanks!!

Please have a look at http://forum.pfsense.org/index.php/topic,4215.0.html

4/03 SNAPSHOT seems to have everything good to go.  Been working fine!

Thanks

You can manually edit the config.xml and exchange the interfacename with the IP-Adress and reupload the config. Just don't touch this pool with the gui again and it should work with the newer versions.

That would be great if you found that solution for me.
Of course changing the internal modem IP to be the same network range as the LAN, eg 10.0.209.2 is not a problem…

Best regards!!

Think I solved my own problem: http://forum.pfsense.org/index.php/topic,4225.msg25915.html#msg25915

Search the forum for "static port". H323 can be as tricky as SIP.

I try to stay as far away from Appletalk as possible, but AFAIK trying to to encapsulate it in IP and route it somewhere is much more trouble than it's worth. Most of the old Laserwriters I have seen support IP/LPR printing. Just my 2c, but I think you would be better off getting rid of any Appletalk only devices and getting something made in the last fifteen or so years…

It works now with the latest snapshot (23-03-2007) !!

but any chance to have a NAT 1:1 with apple talk compatibility ?

Thanks Hoba,
I enabled "NAT Reflection" then added the Port forwarding as you said and it just works!!!
Then I think I don't need my old firewall box again.

Thanks again to all psSense team.  Let me know if there's anything you think I can help.
Tony.

TCP/UDP shouldn't cause a problem in your example as both should be open and be forwarded. Just note, that once you have autgenerated the firewallrule by adding the portforward the both rules (nat and firewall) are not linked together anymore. If you change one you have to change the other as well. Maybe this is/was the problem as you changed rules manually later?

If you want to have these changes backed up in your config run them by using hidden config.xml commands (see http://faq.pfsense.org/index.php?action=artikel&cat=10&id=38&artlang=en ).

That is correct behaviour. You can shift ports with it but not redirect a range of ports to the same port.

With the current implementation of loadbalancing probably not but I might be wrong. Who knows  ;)

aaa ok thank you that was simple. I was in the wrong area. Again you came trhough with some good info.