• Firewall Rules "Please Match Requested Format" in IP fields in Chrome

    19
    0 Votes
    19 Posts
    6k Views
    DerelictD
    Put it in the from port field, not the to field. By design.
  • Upboards

    13
    0 Votes
    13 Posts
    3k Views
    randomaustralianR
    @johnpoz: "server is too old to run a more recent version." How old is it..  Get a new one if it's that freaking old ;) it's an IBM 88642tm… feel free to donate to the "i need a new server" cause
  • Typical performance for mid-range desktop grade

    1
    0 Votes
    1 Posts
    690 Views
    No one has replied
  • Unable to send notifications

    4
    0 Votes
    4 Posts
    1k Views
    N
    @robi: ??? It didn't need that before… Can't even get it, since the mail server is managed by a third party... Any other tips? Um, yes you've always needed it.  And it's been there. But just because it's been there in the past doesn't mean it's there now. Get the cert being sent by the email server and look at its trust chain.  If none of its trust chain certs are in "/usr/local/share/certs/ca-root-nss.crt" then it won't work.  From time to time certs get removed/added.  It is possible the cert needed for your email server has been removed. Here is some additional info on the subject. SSL/TLS Option Breaks My SMTP Notifications https://forum.pfsense.org/index.php?topic=115884.0
  • Software to monitor if pfsense and switches are alive

    3
    0 Votes
    3 Posts
    798 Views
    johnpozJ
    There are a bajillion options here, prtg, observium are 2 off the top of my head other than the 2 already mentioned.  If you just want updown why do you need snmp can you not just ping them with say smokeping?
  • Allow only mail traffic to mail.gmail.com and mail.yahoo.com

    3
    0 Votes
    3 Posts
    1k Views
    O
    shall we say webmail?
  • DNS Rule issues

    3
    0 Votes
    3 Posts
    926 Views
    johnpozJ
    ^ yeah your source on your nat and firewall rule would be ANY, your dest would be your wan address on a forward.  If you try and lock down the source then that traffic would have to be coming from that IP.  I don't know how you would know what that is if you're serving up dns to the public from this. As mentioned post your rules and nats, and we can see what you're doing wrong.
  • 502+504 nginx + openvpn problem

    1
    0 Votes
    1 Posts
    669 Views
    No one has replied
  • Frequent crash of pfSense 2.3.2 in last couple of weeks

    2
    0 Votes
    2 Posts
    911 Views
    C
    Forgot to say: server is a "Dell PowerEdge 750" with "em*" network cards (advertised as "Dual embedded Intel Gigabit NIC, Intel PRO/100S; Intel PRO/1000 MT; Intel PRO/ 1000MT Dual Port" in the PDF specs).
  • PFSENSE ALLOW ACCESS TO PROXY

    3
    0 Votes
    3 Posts
    711 Views
    ?
    Ok but how I define that this time is for the off-time. I think if i create one for monday from 9 am to 1 pm and other monday but from 2 pm to 7 pm. This will work?
  • Access by no-ip

    5
    0 Votes
    5 Posts
    816 Views
    ?
    ok, but sorry my firewall is down temporarily but I remember that in firewall –aliases, in this is by ip, port and url, you use url and write the no-ip direction and call by example "external", before in firewall -- rules in tag WAN create a rules for example access to dashboard web pfsense but in sources you select "host or aliases" and select the rule create in aliases call "external" and in destination select WAN address port https this is all. I'm waiting for your comments.
  • STARTTLS Require TLS?

    3
    0 Votes
    3 Posts
    1k Views
    N
    Thanks Jim, That corresponds with what I see in actual tests too.
    /etc/postfix-msa/master.cf: smtpd_tls_security_level=none
    pfSense E-Mail Notifications:
      Port: 587, Enable STARTTLS: No,  SMTP testing e-mail successfully sent
      Port: 587, Enable STARTTLS: Yes, Could not send the message to xxxxx@xxxxx.com – Error: server does not support starting TLS
    /etc/postfix-msa/master.cf: smtpd_tls_security_level=may
    pfSense E-Mail Notifications:
      Port: 587, Enable STARTTLS: No,  SMTP testing e-mail successfully sent
      Port: 587, Enable STARTTLS: Yes, SMTP testing e-mail successfully sent
    /etc/postfix-msa/master.cf: smtpd_tls_security_level=encrypt
    pfSense E-Mail Notifications:
      Port: 587, Enable STARTTLS: No,  Could not send the message to xxxxx@xxxxx.com -- Error: server does not require authentication, it probably requires starting TLS
      Port: 587, Enable STARTTLS: Yes, SMTP testing e-mail successfully sent
    This would seem to indicate that pfSense version 2.3.2 requires TLS, rather than falling back to plain text mode, when the E-Mail Notification option to "Enable STARTTLS" is selected.
  • SSD Trim Support on PCEngine APU2

    2
    0 Votes
    2 Posts
    679 Views
    S
    Found my answer: https://forum.pfsense.org/index.php?topic=97554.0 Looks like I need to reboot it off a USB disk to enable it though.  Will try that tonight.
  • [SOLVED] PFSENSE CREATE RULE ON FIREWALL

    5
    0 Votes
    5 Posts
    897 Views
    jimpJ
    Navigate to System > Package Manager, Available Packages tab
    Install the System Patches package
    Navigate to System > Patches
    Click + Add New Patch
    Enter the Description: Chrome Bug Workaround
    Enter the URL/Commit ID: 83469e50681bf1ab0388e5cb756d5198b7f705f4
    Click Save
    Click Fetch
    Click Apply
  • PfSense + freeRADIUS and Cisco AP EAP authentication

    1
    0 Votes
    1 Posts
    662 Views
    No one has replied
  • Issues with aliases

    6
    0 Votes
    6 Posts
    1k Views
    jimpJ
    Navigate to System > Package Manager, Available Packages tab
    Install the System Patches package
    Navigate to System > Patches
    Click + Add New Patch
    Enter the Description: Chrome Bug Workaround
    Enter the URL/Commit ID: 83469e50681bf1ab0388e5cb756d5198b7f705f4
    Click Save
    Click Fetch
    Click Apply
  • No IP when the Storage (QNAP) directly attached to the pfSense

    3
    0 Votes
    3 Posts
    1k Views
    M
    @Derelict: Does the lagg come up?
    I think it did but what do you exactly mean?
    @Derelict: Did you enable a DHCP server?
    Yes, it's enabled (attached). All other DHCPs are working fine though.
    @Derelict: Why not just assign 10.0.13.2/29 to the QNAP LACP interface?
    You mean instead of dynamic, assign that IP on the QNAP? I'll try that in couple of hrs. time
    @Derelict: Not sure why you wouldn't use a switch for this but that's probably just me.
    The main reason is: The storage is used by several other devices (security camera, A/W receiver etc.) from various part of the house, connected through different switches (and from outside) and I didn't want to lose the access to the storage, in case a switch went down. If pfSense has gone down, I take it as a game over. I'm open to other suggestions though.
    [image: qnap_dhcp.png]
  • Rethinking Smart Home Gateways

    3
    0 Votes
    3 Posts
    1k Views
    johnpozJ
    "What data is "interesting" to see? How to filter/sort it when there is so much?" This is a great point..  Even if you could pick it out and color code it and make it easy as pie to understand for someone with an understanding of networking.  What is your typical user going to do with it?? I don't need a "smart" gateway to see the traffic I am interested in ;)  This can already be done with the tools out there and pfsense, etc. This line drove home the guy that wrote this just doesn't really get it… "smart service providers could even leverage the data to suggest things like adding a WiFi extender for your upstairs bedroom or the basement office." Did he mean to say where another AP should be placed or how to better place the AP in your home for best coverage..  If what you want is crappy ass wifi, then sure throw up some "extenders" hehehe "Wouldn’t you like to know what kind of data is flowing into and out of your home?"  I take it he is talking about ILDP, who is going to set this up?  Your typical user?
  • Schedule time range more specific than quarter hour increments?

    2
    0 Votes
    2 Posts
    431 Views
    jimpJ
    That's the way it was designed, and how the cron job runs to check the times. It is possible to support times closer together, but there is not much of a call to do so, and depending on the speed of the hardware, size of the ruleset, and so on, it may not scale well to do faster in some cases.
  • DNS recommendations

    7
    0 Votes
    7 Posts
    2k Views
    johnpozJ
    While that is a work around for sure..  Something not right with your connection if you're having that many problems with udp..  Is your pipe full?  is it shitty/slow ? you're not blocking it outbound are you?  You prob want to get with your isp if you're having problems with udp connections. As to the misdiagnosis, that is why we are here - but we need info to help ;)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.