I have DHCP Server running on 5 of my 6 interfaces.  None of my interfaces are bridged at this time. RC

Source port isn't the same as destination port, usually should be any.

Awesome, that worked. Thanks guys.

It's easy to overlook since it's hidden behind a button (which is good since 99% of people will never need to touch that option, but it's handy for those that do!) :-)

ok2.. :) understand :) to jargon to me…

Do I need to setup multiple NIC on my squid server for each subnets of VLANs?

Edydh, unless your problem is exactly the same as the one already discussed you should always start a fresh thread. In your case, please search for NAT reflection and start a fresh thread if you have further problems, to avoid your unrelated problem and CeilingKitten's problems being confused.

Does the VPN continue to work at all? When you mess with VLANs and/or interface assignments in 1.2.3 it goes through and reconfigures the interfaces which causes a hiccup in connectivity for a few seconds (it's much less invasive in 2.0), but I've never seen that cause any problems aside from having to wait a few seconds.

I figured it out. It was the outbound NAT. I have 15 static public IP's, with 13 of them being virtual IP's, and 8 of those NAT to the inside. When I tested the second, third, etc. servers - after building the VIP and NAT - they were showing the router's IP address (using whatismyip.com) in the web browser, not their assigned external IP. I turned the outbound mode to "manual" and ticked the "static port" box. Saved and applied the changes and now each server needing NAT to an external IP shows the correct IP.

No, the destination is initially 443 on the original web host address.  The router does the translation along the way when routing the packet for you.  Hence, the firewall rules will check the initial source/ destination before deciding whether to route (pass) or drop the request.

Log on to the web interface and look under Diagnostics at the States page.  On 2.0 there's also a States Summary page.

Those are local loopback rules and such used internally by pfSense so that it's functions work.  They're not the same as the ruleset exposed directly to the end user. For example,  8 B I Q drop inet6 all means to drop all ipv6 traffic because you have not enabled ipv6 in the webgui.  lo0 is the local loopback interface so on and so forth.

i am developing a customized application for filemaker and i have vpn client installed..i have to get content from linkedin and store them in a local storage…i need your guide

Try setting a static route on your server so that it knows how to route the traffic back to the LAN.

It should be fine like that. It's just some extra added cleanup. Some use cases require it not be present, but in general it's better left on. I wouldn't worry about running with it off, though.

Here is what I have built so far OPT4 net * WAN address * *   Work Segment *      TCP 192.168.14.x * OPT4 net * * Access to printer ICMP 192.168.14.x * OPT4 net * * ping access to firewall TCP OPT1 net * OPT4 net * * limiting access to 192.168.14.x TCP OPT2 net * OPT4 net * * limiting access to 192.168.15.x TCP OPT3 net * OPT4 net * * limiting access  to 192.168.17.x I hope I headed in the right direction.  I just want to make sure that the business and home network is completely separated.  I may have to make additions and subtractions based on the new equipment that I am issued.  Any thoughts on the direction that I am headed? RC