ok, i will try with 2.1

Thank you

The current theory is this effect is connected with the lan being bridged to an openvpn TAP interface, even when the openvpn server has no connections.

@johnpoz:

But I would again still put your private lan(s) on the lan interface of pfsense - not another wan interface.

hmm, ok if i go with only 1 wan and 1 lan, wan can be internet access, and can i make lan use the gateway of the 10.100.0.X?

regards

Start changing pfsense GUI from 443 to another port.

So about your first question I cant setup modem/router in bridge mode

Just trying to clarify: Are you using any features of the router except for the modem? Because the router supports disabling NAT under "Basic Settings"  (however this also resets the configuration to factory default).

You are also using aliases so we cannot help verify the correct rules.

Came across your question while looking for help with my issues, if your still having problems, I wrote this, maybe it can help.

http://forum.pfsense.org/index.php/topic,54800.0.html

Not sure if you noticed, but there are some link problems. Are you running dual WAN config?

you are right.. apologies for everyone.
and about the mentioned setup, i have managed everything by myself, both solution are possible

@podilarius thank you, for answer. My question was a little bit tricky, I wanted to know it is posiible to route public network to the same physical segment as LAN. ex server behind firewall has private IP on one interface and public IP on the same interface (ex. virtual interface) with only one physical connection to firewall.
And now, I know it is possible, have done this. It is needed to set static routing to public IP behind firewall via private IP.

There are many, many potential problems, from your ISP blocking whatever port you're using to you having the same subnet (192.168.1.) on both pfSense interfaces.

Start by checking to see if you can reach the device from the LAN using the LAN IP and the port. Then connect between the pfSense host and the u-verse box and see if you can connect using the WAN IP (and port) of the pfSense host.

How are you getting on? Have you got any further?

Ahh okey, its working now.  :-*

http://forum.pfsense.org/index.php/topic,54362.0.html

@onhel:

You cant just turn off the firewall function.  You need to get your cable company to put your gateway into bridge mode.  This would require a phone call to your cable company and allow them to transfer your service call to an elevated support tech who has the authority to fulfill that task.  Standard phone support employees will not be able to help you in this regard.

That totally depends on which cable company serves your area.

Where I live the cable company totally disowns any function of the device after the modem function. Comcast  business on the other hand seems to want to control your entire network.

The most likely place is the LAN default rule. The default rule states that LAN subnet is allowed out. 192.168.4.6 (and .5) is not on the LAN subnet, so it is blocked. If you have adjusted the LAN rules to allow your second subnet, then I would look at changing from ProxyARP to either CARP or IP Alias. I have never used proxyarp as a gateway, so I don't really know. Also, is the default gateway on 192.168.4.6 (web server) the pfsense proxyarp? if not, then you are creating a routing problem.

Yes you can created a routed network with the help of your ISP. What you will want is 2 separate public IP ranges. The smaller one can be a /30 or a /29 and you will route your bigger /24 or /25 or whatever to that smaller IP range. Or you can create a DMZ/WAN bridge. routed is slightly faster and uses less resources. bridge uses less IPs.

Try this way

Create a Alias (network Type) with your desired IPs range (x.x.x.100-x.x.x.200)

Use that Alias as SRC in your Rule

Hi, I already found out what to do and what went wrong.
in PF 2.0.1 you need to add NAT reflection to the port forward.

thanks anyway