NAT reflection is ugly as a general practice (why loop things through the firewall when you don't have to), and you lose the real source IP out of necessity since the replies have to go back via the firewall. Nothing wrong with using it though if that's the best option in your specific scenario.

You cannot. The platform file needs the exact words it has. It can only be pfSense, nanobsd, livecd, and so on. That does not control the name of the system as displayed on the GUI, console, etc. There is another place to set that. Leave the platform file alone. It is for internal use only.

Dear Steve, This same issue i was also facing in my wan network. According to your solution by enabling Nat Reflection. i won't get pfsense admin login page again but my web respective page was not shown. but by checking the below option. I am able to view my require web pages. "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from" Thanks a lot for your solution.

Some server software includes a "mini firewall". Server configuration requires specification of which interface(s) the server will access requests from and/or which IP addresses the server will accept requests from. Perhaps the server is rejecting the requests you have logged because the server is not configured to accept those requests. There might be a server log giving more details. That tip resolved it. I was under the impression that I had the "mini" firewall on the webserver disabled for my tests - but I must have been wrong. "Problem" went away when I uninstalled the local/mini firewall that is no longer necessary.  We were using an application that sits on top of iptables - and I assumed incorrectly that shutting down iptables would disable the local firewall application.  This local/mini firewall must have additional filtering outside of iptables as well. Now - I have a separate question - how to setup load balancer to work across https connections. Will look around for info, and if needed post it separately.

thank you! I was looking all over

Was able to get this figured out. Looks like the file system was not formatted.  Ran "newfs" on it, and all is good in the world again.

Due to needing to setup this in urgency, I had tried using Endian Firewall Comunity and it works with VLAN500 tagging. However, I prefer pfsense actually. I will try to test it one more time using livecd and then post the logs here. Will have to wait until when no one is around in my office. And that is tough since we even have people coming in to work during weekends.

There is the content of my syslog.conf. Is there something wrong? Im not use to those.. normally more on fedora. [2.0.2-RELEASE][admin@pfsense.home.lan]/var/etc(5): cat syslog.conf !ntp,ntpd,ntpdate !ppp !pptps !poes !l2tps !racoon !openvpn !apinger !relayd !hostapd !-ntpd,racoon,openvpn,pptps,poes,l2tps,relayd,hostapd

I may have remebered incorrectly about the errors, I can't now find a example of it. However: http://forum.pfsense.org/index.php/topic,35895.0.html Steve

Now i got it friends :) Many thanks stephenw10 and jason litka kalu

Welcome  :) As "new" to anything (pfSense in this case), is good idea to check the DOCs / FAQ before ask ;) http://doc.pfsense.org/index.php/Main_Page http://doc.pfsense.org/index.php/Category:FAQ http://doc.pfsense.org/index.php/Can_I_sell_pfSense

1. It's not something I've ever tried. I can't really see what advantage it would be. If the WAN is up and you have convectivity to to other end then why switch to a different tunnel? If your first tunnel goes down, for whatever reason, then why switch to a second tunnel rather than bring the first tunnel back up? If you have both tunnels up simultaneously then you could run some failover/redundancy between them. However it's likely both tunnels will be using the same route such that if one goes down both will. You may get a better answer to this in the vpn subforum.  ;) 2. Not sure quite what you're asking here. Do you mean remotely access the webgui on a pfSense box? If so you can do that already. The server that provides the webgui listens on all interfaces you just need to add firewall rules to allow it. It isn't recommended though to have the webgui accessible from the internet. Steve

That should definitely be enough for 1 Gbps wire speed throughput.

I remembered VirtualBox on Linux has "USB passthrough": a VM can take control of a USB device. Hence you could (if supported in VirtualBox on Windows) add a USB NIC, assign it to your pfSense VM and connect that NIC to your "rest of network" so that traffic from that part of the network has to go through the pfSense VM BEFORE it can get to "server1". pfSense is not real good with dynamically appearing interfaces so you will probably need to reboot the pfSense VM a couple of times to ensure the USB NIC is correctly seen on pfSense startup. There are a number of USB NICs that are supported by FreeBSD/pfSense which say they are USB 2 compatible but don't say they are not capable of 480Mbps operation (that is, they talk to the host at only 12Mbps or lower). Depending on the speed of your WAN link you might need to choose the USB NIC carefully. USB NICs don't have a great reputation in the pfSense community. I suspect at least a part of that is from people not considering all the details. I used a USB NIC for a while and eventually ditched it because it wasn't reliably seen on startup which meant I sometimes needed to be around to fix up the situation if pfSense restarted. I could probably have tweaked pfSense to get around that but I had a VLAN capable switch which I was able to use to effectively get extra ports removing the need for the USB NIC.

HI! Did you manage to resolve this? I have the exact same problem. This modem needs the HSO driver as explained here: http://forum.pfsense.org/index.php/topic,45229.0.html usho.ko needs to be loaded for the interface. I doesnt work as a regular modem. Is there  any way to get a working uhso.ko in pfsense? Wish

So it's not receiving an IP on WAN. Check the logs to see if it is sending a dhcp request. Check the logs in the ISP router to see if that is seeing and responding to the request. Given that it didn't work with WAN set as static it's probably something more fundamental. It could have failed to negotiate the ethernet connection correctly. Could be a bad cable. Does the router have link lights on it? What are they saying about the connection speed and duplex? Please post the output of ifconfig here, that should show any problems. Steve

There are some details missing. @cfapress: Changing the Elastix box to 10.2.4.227 (note the subnet change) and now the box can ping anything other than itself. I changed the subnet on the box to 10.2.4.0 and the gateway to 10.2.4.254 (which is the pfSense VLAN router IP). You have a VLAN capable switch, pfSense connected to trunk port on the switch and the Elastix connected to a ?? port on the switch? @cfapress: Setting the Elastix box to any other IP in the 10.2.4.x subnet and it still cannot get outside of itself. The "still" in the above sentence implies it previously couldn't "get out of itself" which seems to contradict the earlier statement "now the box can ping anything other than itself". I get the impression you might be trying to achieve some sort of isolation between the two subnets without a VLAN switch. Please clarify what you are wanting to accomplish with VLANs and what VLAN capable equipment you have (or expect to have).