• NAT 443 from WAN to internal web server

    6
    0 Votes
    6 Posts
    4k Views
    johnpozJ
    So first you need to validate that 443 is actually hitting your WAN IP. It's quite possible it's blocked upstream. 2nd, validate that it actually gets sent to your local machine… This is 5 seconds of sniffing on pfSense interfaces with diag, packet capture. You sure the machine you're forwarding to doesn't have a firewall blocking it? Have you gone through the troubleshooting doc? https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting You don't have captive portal set up on the interface your server is on?
  • NAT

    6
    0 Votes
    6 Posts
    1k Views
    D
    Hello Everyone, Sorry for the confusion. Let me explain my goal clearly. I have two WAN links terminated at my router. The router has the internal network 10.50.0.0/16 and I can distribute the load on the WANs based on IP address (which I need to do for different departments). I want to place a pfSense in my internal network and want to create 3 other networks (of different departments) behind it. Now I would like to do NAT for each network's traffic so every network will get the appropriate WAN and the respective IP address. Please let me know if you still have any confusion or questions. Thank you
  • Possible NAT Bug ?

    13
    0 Votes
    13 Posts
    2k Views
    johnpozJ
    You do understand setting it on that wifi interface, now all traffic that is not to the internet, where your low MTU is, is at that lower MTU. So you're setting all your devices on your network to use an MTU of 1492 because your internet connection has some overhead on it? Why don't you just let the router do what it's supposed to do and fragment the packets. PMTUD should, to be honest, handle issues to upstream MTU size, and if you have an issue on your internet connection with lower than 1500 MTU you can just use the MSS clamping feature, vs altering the MTU to lower than 1500 on every device on your network…
  • NAT & uPnP Bug or Intended?

    1
    0 Votes
    1 Posts
    858 Views
    No one has replied
  • New To Port Forwarding

    6
    0 Votes
    6 Posts
    2k Views
    KOMK
    …attempted to configure the Split DNS method as documented, but it didn't work for me. I'm sure we can get it working.  As Derelict said, start a new thread and post all the relevant details you can regarding your DNS configuration as well as the client DNS settings you're testing from.
  • 2.2.5 tftp proxy broken

    5
    0 Votes
    5 Posts
    2k Views
    D
    Yeah indeed the package and the proxy are two completely different things.
  • My connection requires a unique MAC for each static IP. What do?

    11
    0 Votes
    11 Posts
    4k Views
    awebsterA
    Maybe get a tunnel with static IPs on it instead? You could look around for an IPv4 tunnel broker in any country you choose and set up a tunnel with them. You stay on dynamic IP, your fixed addresses are routed to you. Set up an AWS micro instance, run pfSense in it and set up an OpenVPN link from AWS with fixed IP to your dynamic IP.
  • Port forwarding issue

    16
    0 Votes
    16 Posts
    4k Views
    B
    I tested from an outside machine but failed. Nonetheless, I redid everything but no port forwarding rules and I can access an internal web server! The only problem is I get the error here when changing the default port for the reverse proxy: https://forum.pfsense.org/index.php?topic=87280.0 So my internal web server is running on port 8082. testsite.domain.com redirects to the pfsense homepage but testsite.domain.com:8082 goes to the web server. Can I make testsite.domain.com go to testsite.domain.com without the port number showing?
  • NAT reflection for DMZ

    19
    0 Votes
    19 Posts
    4k Views
    johnpozJ
    You don't see a problem with using the same name for multiple machines?? Really?? If you can not run a reverse proxy, and you're limited to 1 public IP, then still use FQDN to point to the machine on the outside. So you have hosta.example.com point to 1.2.3.4 on outside, hostb.example.com point to 1.2.3.4 on outside. If you want to run the same services on these that use the same port, with your limitation of 1 public IP, then yes you can use different ports, so hosta.example.com:portA hostb.example.com:portB on the outside, those point to your 1.2.3.4 address. On the inside hosta.example.com points to privateAddressA and hostb points to privateAddressB, etc. Problem solved, users on outside can use the same URL http://hosta.example.com:port as the users on the inside. Just with split DNS, users on outside resolve to your public and your forward forwards to correct private via the port being used. On the inside the URI points directly to the machine in use. And does not have to reflect off anything. No matter what, if your private side server changes IPs you would have to change the port forward anyway. You're trying to leverage a workaround of only having 1 public IP by using different ports to get to your multiple private IPs… When in a real setup you would have different public IPs for your multiple services you wanted to run on the outside that used the same port.
  • Accessing pfSense and multiple VMs running https on port 443

    5
    0 Votes
    5 Posts
    1k Views
    johnpozJ
    So you're running all your VMs on the vmkern network? (mgmt LAN) ?? The iDRAC is its own physical interface, is it not?
  • [SOLVED] NAT reflection fail, logs posted, PURE NAT enabled

    2
    0 Votes
    2 Posts
    1k Views
    S
    For some reason, when I created traffic shaping, it included a firewall rule for the ports which prevented access. I de-linked the firewall rules and it started working again.
  • Windows IPSEC server behind pfSense

    6
    0 Votes
    6 Posts
    1k Views
    KOMK
    Wow…"management" doesn't understand... NO WAY!!!!!!!!
  • Dual Wan 1:1 NAT issue.

    1
    0 Votes
    1 Posts
    642 Views
    No one has replied
  • Sip Audio?

    7
    0 Votes
    7 Posts
    2k Views
    K
    Just want to update for anyone else having this issue. So far now I get one-sided audio, while before I would get none. I have been reading a few other sites and been troubleshooting; I re-changed my trunk settings and my extensions. But now I got this, so I think I'm making progress, see pictures. Grandstream (LAN IP) voice to Zoiper (3G) --- one-way audio, but on Zoiper (3G) to Grandstream (LAN) --- no audio. But I guess how come before I would get no audio but now I'm getting on the Grandstream phone (LAN) they cannot hear from what the person is saying on the Zoiper (3G), but when talking from the Grandstream (LAN) you can hear on the Zoiper (3G). Any Asterisk guru? It's probably the wrong place to get help :-\ Thank you
  • 0 Votes
    3 Posts
    14k Views
    Z
    Revised, corrected guide for adding 1:1 NAT on a standard connection

    I have a standard business cable (coaxial) connection with 5 static IPs in the same subnet. Let's call them WAN_IP1 - WAN_IP5. The modem is in bridge mode. I have already setup the WAN connection on an interface of my pfsense box to use WAN_IP1 and it works fine. Now I want a 1:1 NAT on the same interface, pointing to Internal Address: 192.168.1.20.

    Steps:

    1. Firewall -> Virtual IP, ADD NEW. Options:
       - Type: Proxy ARP
       - Interface: The same interface of my modem
       - IP Address: The Public Static IP address I want for the 1:1 NAT, in this case WAN_IP2
       - Subnet Mask: /32 for single address
    2. Firewall -> NAT -> 1:1, ADD NEW. Options:
       - Interface: The same interface of my cable modem
       - External Subnet IP: The Public Static IP address I want for the 1:1 NAT, in this case WAN_IP2
       - Internal IP: Single Host: The Internal Address: 192.168.1.20
    3. Firewall -> Rules -> The same interface of my cable modem, ADD NEW. Options:
       - Action: Pass
       - Interface: The same interface of my cable modem
       - Protocol: Any
       - Destination: Single Host or Alias: The Internal IP Address: 192.168.1.20
  • Disabling NAT on routers connected to pfSense PPPoE

    1
    0 Votes
    1 Posts
    988 Views
    No one has replied
  • NAT from WAN to a IP in outbound

    4
    0 Votes
    4 Posts
    1k Views
    KOMK
    OK I understand now and my previous advice still applies.  It should be one NAT rule (port forward) to expose the server on VPN to WAN, and one firewall rule to allow the traffic to flow.  That's it.
  • PFSense in Virtualbox

    2
    0 Votes
    2 Posts
    883 Views
    KOMK
    No pfSense config required if I understand you.  The client on the same internal segment as pfSense NIC just needs to use the pfSense LAN IP address as its gateway.  I'm not sure how WAN being bridged or NATed makes any difference to the client on the LAN.
  • Using custom incoming port for VNC routing

    17
    0 Votes
    17 Posts
    3k Views
    T
    Pop over to this thread to continue the VPN discussion: https://forum.pfsense.org/index.php?topic=102977.0
  • *HELP* NAT Issue 1:1 and Port Forward dual WAN

    3
    0 Votes
    3 Posts
    926 Views
    D
    I got FTP to work by setting the passive port range on the FTP server, then opening those ports with a NAT rule to 192.168.0.xx9 for the ports I opened. Seems to be working in Chrome; in IE I had to turn off passive mode on a remote client to make it work. That seems odd, since it worked in Chrome but not IE until I turned that off, and my understanding is that forces it to 20-21 anyway and those were already open.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.