Well yeah ;) heheheh So your all sorted?  Any more questions?  Some applauds and thank you's don't hurt my feelings.  I have some dipshit smiting me everytime they log in ;)

Best regard Viragomann managed to get out to the internet thank you very much, I needed to create the rules.

If your server on opt is using a vpn, then you would have to forward the traffic down through your vpn to get to the server.

As I understand it, he needs this: Localnet: 10.10.0.0/27 (DMZ network) NAT/BINAT: None Remotenet: 10.11.0.0/16 That is working fine. Then, in addition to that: Localnet: 10.9.0.119/32 (A host on the local LAN network) NAT/BINAT: 10.10.0.10/32 (An address from the DMZ subnet) Remotenet: 10.11.0.0/16 So there are overlapping Phase 2 networks that need to be created. The other side sees CHILD_SAs created from both: 10.10.0.10/32 === 10.11.0.0/16 10.10.0.0/27  === 10.11.0.0/16 Both SAs must be created on the pfSense side or the traffic from 10.9.0.19/32 to 10.11.0.0/16 will never be interesting to IPsec. I cannot see that ever working reliably.

general things: Firewall rules on LAN1 interface don't allow it, but by default they do. A local, "software" firewall on the LAN2 host itself does not permit traffic from other than its local subnet. If you can ping the LAN2 interface address on pfSense from LAN 1 but not a host on LAN2, check that.

What are you wan rules?  Post them!  Unless you have wan rule that allows the access creating a port forward does ZERO!

Thanks so much for the help.  Port forwarding is working now.  Next step getting my colleagues to us a VPN instead.

I have absolutely no idea how or why, but this issue has just suddenly gone away by itself.  Pfsense is now able to connect to its repositories yet I have been on shift since making this first post and have not amended any settings.  It can't be that the repositories themselves were down, or anything such as that, as I was able to connect to them originally, but only if my NAT rules were set a certain way.  I now have both connectivity from pfsense and from all devices on the network, but I didn't do anything.  Very strange, has me even more puzzled now!

There is zero reason for a downstream router running rfc1918 space to nat..  You only need to at the edge where you change from rfc1918 to public.  Or if you have rfc1918 space that overlaps each other. If you nat at your downstream router than any traffic that needs to come from the upstream network will have to be port forwarded into your downstream network..  PITA if you ask me, especially if you have more than 1 box on the downstream network running specific services, etc.

Nowhere close to enough information. You will need to be more specific. What subnets/addresses are where, exactly what did you do to test - again, specific source/dest addresses and ports, etc. A diagram might help. Again, please include specifics.

Hi there, Have you found a solution to your problem ? I'm in the same scenario. I've got an OVH Server 4 Failover IP, 4 WAN interfaces on pfsense. All my outbound traffic goes out through the first WAN1 Interface. I've tried outbound natting but my traffic won't go out from interface WAN2 or others. If you've found a solution that would be great ! Cheers, Ram

No such luck I am afraid.  The "new" switch is a SG200-26.  Would love to understand what went wrong in that switch though.  Almost like a messed up ARP table?

So what nics does this HOST have, and how are you doing the opt interfaces in pfsense - are they vlans in pfsense sitting on the 1 vmnic? Which is bridge to what physical nic?  So you have multiple physical networks that match up to these 3 networks..  Or is this all going to be virtual networks on the host? Your going to have to give some more info dude!!! Virtualbox you can setup bridge to your physical nic, or they can be natted etc..  They can be host only, etc.. So what networks do you have setup in VB?  How does your physical network attach to your VM Host?

Hi, Last night i setup pfsense at my home with my old unused Computer with PCI Lan adaptor. issue: I have Tikona DHCP Web Based Login type ISP. i can use flawlessly on Basic Home/Small Router Like TPLINK/ DLINK/ TENDA etc, but after i go thru pfsense i can't able to access internet  because Web Based Login page unable to access. pfSense :- 192.168.1.1/24 Tikona Log in Link :-1.254.254.254 pfSense DHCP LAN :- 192.168.100.1 Need Help!  :-\

You want to forward ALL udp traffic on any port to this 1 box?  Why would you think you need to do this for sip to work?

"packet loss is down to acceptable levels. " What do you consider acceptable?  Just curious - so zero? ;)