• At&t MicroCell & NAT can't connect.

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    R
    My microcell works perfectly under 2.0 and has worked perfectly under 1.2.3. I did not have to forward any ports at all.
  • 0 Votes
    5 Posts
    3k Views
    jimp
    Syslog is the only way to do it out of the box. I'm not sure if anyone has a package out there that does what you're after. You could write your own daemon that attached to the pflog device and reads the data (or pipe it through tcpdump, check out how the current log is taken with tcpdump.) and then work that into your database however you like.
  • Mobile clients no Connection in-house

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    GruensFroeschli
    http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
  • What if you don't adjust the states?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    W
    Thanks for the response.  That makes perfect sense now.
  • Firewall Rule Question - Can someone help?

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    S
    It could be in the order of the rules. The top rule gets processed first, so if you have a block rule above your pass rule, that could be the problem.
  • Routing one LAN traffic through a specific WAN link

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    A
    For some reason I couldn't get 1:1 NAT to work properly. Kept messing up some other things… However, the second suggestion worked flawlessly. Thanks a lot guys, problem solved!
  • How can I permit messenger services

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    Cry Havok
    There is a package for proxying IM connections, or you could use the likes of Squid (with Squidguard) and only allow the destinations you want.
  • MOVED: How can I block Social Networking Sites

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • View real time downloading activity and download quota

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Policy based internet access

    Locked
    1
    0 Votes
    1 Posts
    890 Views
    No one has replied
  • Protect a Dns Server

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Cry Havok
    Don't forget that your firewall (pfSense box) is the weak link here - there's nothing stopping somebody simply DDoSing it if you just protect your DNS server.
  • 0 Votes
    1 Posts
    782 Views
    No one has replied
  • MOVED: Disable MAC filtering

    Locked
    1
    0 Votes
    1 Posts
    988 Views
    No one has replied
  • MOVED: Configuration Freeradius help

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Add firewall port - feature request

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    jimp
    There's a reason the port fields on firewall rules are red. :-)
  • Multiple interfaces sharing a filter config: a script

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How do I set up these rules?

    Locked
    10
    0 Votes
    10 Posts
    3k Views
    D
    Turned out I didn't have to open any ports or anything, just enabled IPSec and everything started working… Though without any rules, am I opening any security holes in my firewall? Also will this screw up my OpenVPN setup? Thanks!
  • Captive portal and firewall

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Egress Filtering: Redirecting to Censornet on the same subnet not working

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    P
    @Cry: I'd suggest you make your allow rules specific - only allow the traffic from the host or hosts you want to allow traffic from. Then if there is no allow rule listed the default deny rule will apply. I just want to be sure I get this right.. Source: LAN net Port: * Block Destination: 192.168.1.2 Port: 80,443,8080 Pass And whatever other rules I have underneath to pass, or is it not necessary to create a block rule at all? Should my rule for the Censornet not state: if not Censornet block or will it work if those ports to destination 192.168.1.2 are the only internet ports I created the rules as above and tested them now, but it seems not to work when I employ it this way are my source and destination rules correct? I have for the interim just checked the Firewall log file: block Feb 23 23:19:24 LAN 192.168.1.4:60977 192.168.1.1:80 TCP:S I am testing from 192.168.1.4 my pfsense main box is 192.168.1.1 am I still creating the rules wrong then I take it. Is it possible for you to give me an example of how the rules should look please? Ok got it working: Delete default Allow All Rule on LAN Create Allow Rule Source Censornet Source Port any Destination any Destination Port 80,443,8080 Working! Please let me know if this is incorrect.
  • Share internet connection only on two LANs

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    ?
    I have your very setup working at my house. Here are my rules. under LAN: PASS:      * LAN net * ! WIRELESS net * * none under WIRELESS (Opt1) PASS       * WIRELESS net * ! LAN net * * none @ketiljo: Hi I'm fairly new to pfsense. Currently using version 1.2.3. For now I have only two NICs, WAN and LAN. On the LAN side, I have my PCs and a server for HTTP and FTP etc, plus a WL AP. I will put in another NIC so that I have one for my LAN and one for the AP. The AP is sharing internet for my tenants. Now, I don't want my tenants to have access to my LAN, hence the need of an extra NIC. I will set my LAN1 to 192.168.1.xxx and the tenants AP on LAN2 to 192.168.2.xxx. The pfsense box will do DHCP for both LANs. How can I set the FW rules to only allow access to WAN from LAN2? I don't need access to LAN2 from LAN1, so I guess both LANs can be set to only access WAN. I still need to NAT ports to the LAN1 server. I also want to limit the bandwidth to LAN2. Is this possible with v 1.2.3 or do I have to upgrade to 2.0? In any case, how do I set this up? Thanks, Ketil
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.