• Firewall and transparent proxy

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Ping Prob

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • SSH Problems with DMZ

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    3 Posts
    22k Views
    R
    That makes sense, I at least have somewhere to start looking now. Thanks for your help.
  • Hide VRRP logs

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    Thx. Too simple for me ;-) Works like a charm ….
  • 0 Votes
    3 Posts
    2k Views
    C
    @onhel: Did you explicitly set up the ICMP Type in the firewall rule? It's right underneath the Protocol once you select ICMP. You will need Any or at least Echo Reply. Correct, except Echo, not Echo Reply if you're allowing pings.
  • MOVED: passing traffic for two hosts on LAN

    Locked
    1
    0 Votes
    1 Posts
    816 Views
    No one has replied
  • Internal IP visible to net

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P
    Issue Solved & Explained. Sill
  • Disabling firewall rules?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    valnarV
    Right…  I just wanted to know if one was less "backdoor hackable" than the other. Thanks!
  • How to Block mp3 and video downloads through firewall..?

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    C
    thanks a lot p0ddie… ;D
  • Bonjour/Multicast DNS flooding

    Locked
    9
    0 Votes
    9 Posts
    8k Views
    P
    16 gigs in 2 hours translates to roughly 2MB/s of traffic. This is well beyond what normal Bonjour multicast discovery is about. Check his machine (look at the network activity in activity monitor), it either shows constant 2MB/s of traffic on the lan port, or something else is really fishy. Anyway, this looks like a misconfigured client.
  • How to redirect ports on the same lan?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How to block traffic over 2 sites

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    If you are on 1.2.3, see here: http://doc.pfsense.org/index.php/OpenVPN_Traffic_Filtering_on_1.2.3 If you are on 2.0, just add a block rule to the top of the OpenVPN tab under Firewall > Rules.
  • WAP and LAN on 2.0-RC1

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Blocking constant hits from WAN port 67 to LAN 255.255.255.255 port 68

    Locked
    7
    0 Votes
    7 Posts
    12k Views
    G
    Hey thanks for that!!!!! I used reverse DNS and it came up blank:S  I didn't think to just run a whois–thanks again!
  • Pf 'reason'

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Routing certain machines through VPN

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C
    Hi, thanks for your reply. Here is what I tried so far: Firewall Rule -> LAN interface, from LAN subnet, to any, Gateway=WAN Firewall Rule -> LAN interface, from any, to any, Gateway=WAN Firewall Rule -> VPN interface, from LAN subnet, to any, Gateway=WAN Firewall Rule -> VPN interface, from any, to any, Gateway=WAN Then I made a Routing Group as you suggested. Routing Group -> created Group with WAN=Tier1, VPN=Never (I also tried Tier2) Then I tried the same rules as above but with Gateway=RoutingGroup I also tried a rule on VPN interface blocking all traffic from LAN subnet, but it still went through. I think I am either misunderstanding how to use these rules or they don't have any effect… The only thing I managed in the meantime was that no traffic at all went through. I hope you or someone else can give a few more tips. Thanks in advance.
  • Need help to access OPT1 from a PC on the WAN subnet

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    T
    Good point. In either case, the issue is that pfsense isn't answering the requests for those IPs, because they're bound to a different interface. They're not "listening" on WAN. So either direct traffic locally that is for those IPs, to pfsense… or else configure pfsense to listen to something and forward that traffic (as in my example).
  • Layer 7 firewall rule empty

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    T
    You need to visit the Traffic Shaper, and create a Layer7 container. Here you create the block or queueing rules, and then you can apply this container to a firewall rule.
  • How to make "transparent" firewall?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T
    I believe using 1-1 NAT mappings on the external one should accomplish this. Map each of the external IPs to a virtual IP (of your choosing) on the segment between the two firewalls (the inner firewall would be listening on these virtual IPs). Then create firewall rules on the outer one that pass all traffic directed to/from those IPs. Since your lines are of different sizes, you'll need to put the shaper on the external firewall to make much sense.