For port 22, the best way to do this are using multiple nat on wan with different port for each server.

Server 1 port 2201 wan to 22 internal
Server 2 port 2202 wan to 22 internal

Or you could use openvpn to establish a connection to your lan

@podilarius:

did you do as marcelloc suggested and did an exit and return to shell to see if it was added to the path correctly?

ah forgot that parts, now it works perfectly, thank you so much for all the help! :)

@rizzler:

Hi

Let's say i have a .com domain i want to use here, i installed pfsense with this domain so all my computers are in "home.mydomain.com" now i would like this to work from the outside to so that if i surf to "home.mydomain.com" i get to the router interface, i enabled port 80 in the firewall but i get just "potential dns rebind attack" why? :/

Because that's not a hostname configured as one the firewall should answer on. See System>Advanced, you can fill in your additional name there. Or change the system's hostname to be what its real FQDN is.

Is the user created rule above or below the rules you posted? The default deny rule is above is is not a quick rule so that is going to be the action that is taken if traffic does not match any other rule.

The Definitive Guide is far more helpful with 2.0 than the Cookbook.

That puts the order on which pfil(9) consumers 'taste' packets.

It was developed first for overcoming some issues but now its not used at all as you can see from the * in ipfw its not a pfil(9) consumer as used in pfSense.

You already have an open thread on this - please keep it there.

Inside the non recommended packages there is a recommended freebsd version  :)

Install packages from same freebsd version pfsense uses. Current version is freebsd 8.1 p6.

*-stable packages could depend on shared libs that are not present o outdated on pfsense.

Anyone can write a package and submit it if you've got the skills!  ;)

See: http://doc.pfsense.org/index.php/Developing_Packages

If not then consider raising a bounty to get it done.

Steve

You have control of who does what on your installation.
Kern.securelevel is more of a needed option on multi-user installation while pfSense is not like that.

You'll need to forward port 587/TCP if people are connecting remotely to send email through your server (as opposed to 25/TCP for other mail servers).  You'll need 110/TCP and 143/TCP for POP and IMAP and port 80/TCP (and hopefully 443/TCP) for Webmail. I'd highly recommend that you configure your SMTP server and POP/IMAP server to support TLS and your web server to support HTTPS.

Those port forwards should cover your required remote access

An outbound nat could simulate a proxy, that's the only way I could do this.

This way,server logging will have only firewall ip address.

A proxy could set a X-forwarder-ip and a web server(for example) is able to log clients ip.

You could edit /etc/inc/system.inc and edit the function that makes syslog.conf and have it direct those logs to somewhere else (or /dev/null)

You probably want /usr/local/www/status_rrd_graph_img.php

Thank you Steve that worked perfectly!

Thanks jimp. I will change the hard disk and check again.

Out of curiosity - how did you know that this is storage related?

Atul.