From your description it sounds exactly like the situation described in the docs. pfSense 2 (you are using 2 right?) is NATing traffic across the PTP link, that is the default behaviour when using an interface with a gateway so all traffic appears to be coming from one IP. You setup the first call and that uses source port 5060 which works fine. You try to make a second call and pfSense re-writes the source port as 5060 is already in use. Your VoIP equipment can't deal with re-written source ports. Two solutions as I see it. 1. Use the siproxd package as suggested in the docs. 2. Disable NAT across the link and just route traffic. See: http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F Obviously you would still require rules to keep NAT on your WAN interface. Disabling NAT may also help other stuff that doesn't like NAT and it's quick and easy to do. That's what I'd try first but I'm coming from almost no VoIP experience!  ;) Steve

I've tried from different machines from LAN to DMZ. (FTP-client of Win XP, Vista and 7) On the server I've tried ProFTPD and vsFTPd. LAN-LAN and DMZ-DMZ FTP-connections all goes well. I did a packet-capture on the DMZ (OPTx) interface of the pfSense-box. Just tested on the LAN-interface of the pfSense-box… The communication on the LAN-interface looks also comming thru 09:09:56.737775 IP 192.168.2.12.52820 > 192.168.3.13.21: tcp 27 09:09:56.738208 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 0 09:09:56.738441 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 51 09:09:56.746785 IP 192.168.2.12.52820 > 192.168.3.13.21: tcp 6 09:09:56.747982 IP 192.168.3.13.20 > 192.168.2.12.52938: tcp 0 09:09:56.786254 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 0 On the client… 331 Please specify the password. Wachtwoord: 230 Login successful. ftp> dir 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. You can wait, wait… wait... nothing seems to happen. (even waiting for more then 30 min.) any-2-any rules are made on LAN as well on the DMZ interface. (just to eliminate blocking issues) Hmmm... Just tried also to do an FTP from pfSense to the server... [2.0.1-RELEASE][admin@fw1.[i]<mydomain>.local]/root(1): ftp server Connected to server.<mydomain></mydomain>.local. 220 (vsFTPd 2.2.2) Name (server:admin):<my_username></my_username> 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 229 Entering Extended Passive Mode (|||26882|). 150 Here comes the directory listing. drwx–----    5 504      504          4096 Jan 21 17:40 Maildir drwxr-xr-x    2 504      504          4096 Jan 21 16:47 awstats drwxr-x---    2 504      504          4096 Jan 21 16:47 cgi-bin drwxr-xr-x    3 504      504          4096 Jan 21 16:47 etc drwxr-xr-x    2 504      504          4096 Jan 21 16:47 fcgi-bin drwxr-xr-x    2 504      504          4096 Jan 21 16:47 homes drwxr-x---    2 504      504          4096 Jan 21 16:47 logs drwxr-x---    6 504      504          4096 Jan 22 10:16 public_html drwxr-x---    2 504      504          4096 Jan 25 16:57 tmp -rw-r--r--    1 504      504            0 Jan 25 16:37 training.docx 226 Directory send OK. ftp></mydomain> Just found another article on google… "The DOS box FTP in Windows does NOT do passive"  >:( (and I was trying, trying and trying with the DOS box FTP) I've downloaded the latest version of FileZilla and put it on my own PC… AND IT WORKS!!!

follow this topic with same issue http://forum.pfsense.org/index.php/topic,45520.0.html

@greybeard: Q1.Is there any gui option to select the auth type? Q2. An I unique or does anyone else require this? 1. No 2. I don't want it at present BUT it would be useful if I ever want to use Virgin mobile broadband as a backup to ADSL. Ubuntu since at least 10.04 has allowed selection of PPP authentication options

SOLVED (kind of)… It would appear I still had some pfBlocker configuration settings in my backed up xml file. Those were causing the issue. I still see the multicast message so as suspected its unrelated. Manual removal of all pfBlocker references in the xml and restore seems to have worked.

Then you need the rule I mentioned by negate the policy routing for the modem IPs, you're forcing traffic to the modems out the gateway group.

Check if configured dns is working on your pfsense and if you can browse files.pfsense.org.

http://www.freebsd.org/cgi/man.cgi?query=pfctl&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&arch=default&format=html

@luke240778: The last one i got in the US for $179, here it will cost around $700. Ouch!  :o Steve

As far as passing packets, the two are comparable. Our web interface will be a bit slower on hardware of that spec, just a lot more things going on, we have protections from attacks against the web interface that m0n0wall doesn't have, amongst other differences. If you have a busy dashboard, it'll really hammer a box that slow, especially if you show the traffic graphs on the dashboard. Everything else is much less difference. Unless it's something you're constantly in making changes, it wouldn't be a big enough difference for that to be a factor.

When the DNS forwarder is enabled, it puts 127.0.0.1 in there automatically so name resolution from the firewall itself uses the performance benefits and local caching of the DNS forwarder. You can check the box under System>General Setup if you don't want it to do that, but you usually want the improved performance of the DNS forwarder (127.0.0.1).

Thanks for the direction. I think I put it in the right place.

Try to set this on the command line: sysctl hw.acpi.handle_reboot=0 Then see if it can reboot. If that works, you can add that as a system tunable under System > Advanced on the Tunables tab. These kind of issues are almost always ACPI issues as others have mentioned. Update BIOS, toggle ACPI options in the BIOS, etc, to see if you can find a config that works.

you should use a vpn connection, start vpn from vpn->pptp , create a user list, on client with xp instead ppoe yo should create vpn connection when is asking for ip you need to enter exteriour ip form your pfsense (or can be made with dns if is dinamyc) after enter user and pasw , create new rule from firewall on pfsense to start internet sharing trough vpn or other other options,i've done this and is working fine, good luck

does your modem support pptp passthrough? is it enabled?

Any answer ? Regards