• Bug ? Can't add Reject UDP Rule.

    Locked
    5
    0 Votes
    5 Posts
    1k Views
    Yes! I'll look further into IPv6 commits. Thanks!
  • @75 block drop in log quick all label "Default deny rule"

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Empty firewall log

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    I talked too fast in my last post… My log worked for about 2 seconds and since my last message, not a single entry was added to the log. Seems like the problem might be something else.
  • Open port 25

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    Cry Havok
    Yes, you need a NAT rule - please see the documentation.
  • Need help with VLAN ACL question

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    You'll have to have multiple ports on the router and bridge those interfaces; when one client is on one port and the second one is on another port, then the firewall does control traffic.
  • 2.0-Release How to Quiet ipv6 multicast in firewall log.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    johnpoz
    Hmmm. You could bump to the IPv6 dev and then you could do IPv6 rules to not log it on block. You could completely disable IPv6 on your pfSense box so that it does not have a link-local address; that might work. You could just disable the multicast at the source if you're not using it. You could turn on IGMP snooping on a smart switch to block it, etc., etc.
  • Specific vlan traffic being blocked

    Locked
    9
    0 Votes
    9 Posts
    2k Views
    o..m..g. I am a moron, thanks pod.
  • Citrix and pfSense

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    Nope, no issues here.  Even runs fine over a weak 3G signal. Is your internet connection stable?
  • SSL traffic blocked after some time

    Locked
    1
    0 Votes
    1 Posts
    928 Views
    No one has replied
  • MOVED: Problem with Hotmail

    Locked
    1
    0 Votes
    1 Posts
    838 Views
    No one has replied
  • Pfsense blocking outbound IAX2

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    issue resolved. setting port 4569 to static did the trick. TIA!
  • Multi WAN in load sharing & Failover with Firewall Rules

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Multi LAN with floating rules

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Rules: Allow certain ports over firewall

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    @tommyboy180: Don't forget I have already committed to adding this feature in the next release of ipblocklist. I was anxiously curious how to go about it. I work with a lot of CentOS and Ubuntu servers, but I've never toyed with a pfsense box. It's very different having only managed a freebsd box once. Thanks for the suggestion though. Anything helps my journey to get into hacking with pfsense. :) Thanks, a lot. I really enjoy your pfsense stuff.
  • Firewall rule limiting WAN access with limiter and L7

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    @marcelloc: The setup looks fine to me. Make some package captures at lan and wan and see if you find something wrong. This is weird! Just re-enabled the new LAN firewall rules illustrated earlier, and did the only thing I haven't done so far, i.e. reboot the box, and voila! The new LAN rules are working. Another thing I found odd is that I have to create a rule allowing DNS access to the LAN subnet, which is not necessary in the 1.2.3 release. Will shift focus on the limiter part and L7 and get it to work, last limiter and L7 rule I created made the connection crawl.
  • Website lags when enable OPT1

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    it was setup that way ever since the "upgrade". should i consider fresh install?
  • Blocking a constant wan ping

    Locked
    16
    0 Votes
    16 Posts
    8k Views
    chpalmer
    Funny you should mention… Guess what I had to go find at a client's office today... Guess someone's looking for a new job now. Linksys wireless router plugged into the LAN port running its DHCP server still... Bummer! :o
  • WAN / DMZ both with public IP's and different subnets

    Locked
    5
    0 Votes
    5 Posts
    9k Views
    Thanks. I got everything up and running on 2.0 and it is working great. I actually looked at a lot of other products and the only way was to do a 1:1 NAT, which requires a double set of IP's for each server, which is an administrative pain. I know I have seen many others ask how to do this and I thought I would share it.

    Here's my network diagram:

    Internet | ISP | PfSense | / LAN DMZ

    I basically have 3 networks:

    1/ N1 - Public /30 address (WAN)
    2/ N2 - Public /26 address (DMZ)
    3/ N3 - Internal LAN (10.X.X.X) address (LAN)

    My requirement is that I want N2 to be filtered by PF and that all traffic going in and out can be filtered. Note that I am assigning IP's from N2 directly to each server.

    Here's how I set up PF:

    1/ Configure 3 interfaces: WAN, LAN, DMZ
    2/ Specify an IP address from each network to their respective interfaces
    3/ Under Interfaces->(assign)->Bridges, create a new bridge with WAN and DMZ. This will route the traffic as is between the networks and not be a NAT relationship
    4/ Under Firewall->NAT->Outbound select manual and delete all rules

    That is basically it. Everything will route properly now. The only thing left is to create inbound and outbound rules.

    To create an outbound rule, under Firewall->Rules->DMZ, create a new rule for your server to the internet. Here's an example setting for outbound HTTP:

    Action: Pass
    Interface: DMZ
    Protocol: TCP
    Source: Single IP and specify the N2 IP assigned directly to the server
    Source port range: any/any
    Destination: any
    Destination port range: 80/80

    This will basically allow any server connected to the DMZ interface to access port 80 on any network.

    To create an inbound rule, under Firewall->Rules->WAN, create a new rule for inbound traffic from the internet to your server:

    Action: Pass
    Interface: DMZ
    Protocol: TCP
    Source: any
    Source port range: any/any
    Destination: Single IP and specify the N2 IP assigned directly to the server (same as the outbound rule)
    Destination port range: 80/80

    This will allow any IP computer connected to the WAN (basically the internet) to connect to port 80 for the server. I actually verified with port scans that this was the only port open and broadcasting.

    I hope others find this useful as I didn't see any exact instructions (most were "setup a bridge" or outdated) within the forums.

    Final note is that you will see I am connected to the LAN but no rules. This is because I only use the LAN to administer PF. You are more than free to create port forwards to your LAN but this isn't something I am doing with what I am trying to accomplish.
  • Multi WAN, load balancing and secure connections

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    marcelloc
    It's not elegant but will work. Instead of balancing based on destination, create two aliases, one for odd and the other for even clients. Then create two failovers, wan1 -> wan2 and wan2 -> wan1. Apply rules for these aliases and failovers. The other way is to use a wpad script + two squid boxes. But I think it will be more complex and hard to maintain.
  • Reach WAN with port forwarding from LAN

    Locked
    10
    0 Votes
    10 Posts
    3k Views
    There is a lot of info but no good setup how to start and have these exceptions like my problems. At least we can't find the info. If you know where to start please reply. pfSense has a lot of functions and is light and quick. The GUI should be more integrated in one screen. Now I have to do something in NAT rules and then in FW rules. At present we have the issue that traffic can't get out on ports 8080 and 2095, e.g. …
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.