• 0 Votes
    4 Posts
    3k Views
    chpalmerC
    Works well! My kids hate it…
  • How/why is port 443 allowed by default?

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    O
    hi @ all, Not sure why the firewall is allowing HTTPS through. -> hmmm, ssl login to gmx f.e. or ebay Also, I cannot block ICMP. I have tried to "block all" and "block icmp" and nothing can block ICMP. -> you can't block, I can ;) Block ICMP LAN net * * * *   Block LAN Ping
  • WTF is OCSP.MIA1.VERISIGN.COM

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    O
    aaaahhhhh is verisign from pfsense firewall ??????? http://www.verisign.com/static/005296.pdf --------- RESULT is not a risk!!! it's for security :D http://www.soft-ware.net/tipps/tipp27/Verbindung-zu-crlverisigncom-sicher.asp don't panic! CLOSED
  • Blocking log entry no working?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    That's common to see on Cable networks. It's just DHCP traffic from your provider. That will always be logged unless you (a) disable the "block private networks" rule under Interfaces > WAN, and (b) add a rule at the top of your WAN firewall rules that blocks UDP from any port 67 to 255.255.255.255 port 68
  • [SOLVED] Periodic update of URL based Aliases

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    C
    Thanks for the heads up, I'll stick to URL Tables then. Cheers
  • FTP TCP-S How To Allow It?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    O
    ok sorry! it was a server problem … I CAN DOWNLOAD and now I am happy! THANKS CLOSED
  • Firewall block all rules

    Locked
    11
    0 Votes
    11 Posts
    11k Views
    C
    The rules take priority from the TOP to the bottom, so Block * WAN * will refuse any allows that appear after it. To fix this, move your block statement to the very bottom of your list, and all will be fixed. Change your rules to look like this:
    TCP/UDP * * * 6666 *   OpenVPN
    TCP/UDP * * * 3333 *   NAT Squid Port Forward
    TCP/UDP * * * 110 *   Allow WAN POP
    TCP/UDP * * * 995 *   Allow WAN POP SSL
    TCP/UDP * * * 143 *   Allow WAN IMAP
    TCP/UDP * * * 993 *   Allow WAN IMAP SSL
    TCP/UDP * * * 25 *   Allow WAN SMTP
    TCP/UDP * * * 465 *   Allow WAN SMTP SSL
    TCP/UDP * * * 587 *   Allow WAN SMTP TLS
    TCP/UDP * * * 21 *   Allow WAN FTP
    UDP * * * 123 *   Allow WAN NTP
    ICMP * * * * *   Allow Ping
    TCP * * * 4804 *   Allow BunkerTV Radio
    TCP/UDP 192.168.10.25 * * * *   Allow Only Lafoffice01
    * * * * * *   Block WAN ALL
  • VLAN DHCP Working - No Internet Access

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    B
    Do you have squid (and) squidGuard packages installed by chance? If not, do this: Click Diagnostics > Ping > select the LAN interface > try google.com, then copy/paste the output of this back here... You will no doubt get 100% drops but the return values may help to determine what is dying. If you do in fact get replies on the pfSense box you know your routing is jabber wokied somewhere to the vlan… BC
  • MOVED: SquidGuard

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • PfSense newbie -MAC filtering - how to ?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    G
    DHCP Server and Captive portal
  • [SOLVED] ICMP, HTTPS managment from WAN, correct WAN FW rules?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J
    Thank you that you are so supportive!  :'( 1.) I figured out how to do this by myself. So thanks to anyone who is helping me! ;) 2.) I did this using PORT forwarding and one WAN rule.
  • PfSense and TTL=1

    Locked
    7
    0 Votes
    7 Posts
    12k Views
    U
    It did work for me! Thanks a lot mate !   8)
  • [solved] DMZ via VLAN - would this work?

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    G
    @ghm: Questions: Do I actually have to tag LAN or is it good enough to tag DMZ? I think I need to tag LAN as well but am not certain. Do I under the DMZ tab actually have to state the Source? Why not just the destination given that the Firewall works inbound and the tab describes the IF anyway? Does anything else here look clearly bad? Solved this using "pfSense - The Definitive Guide". Now I know that one should neither use PVID 1 nor the parent interface of a VLAN. Have LAN on PVID 2 now and DMZ on PVID 11. WiFi is unbridged now, even though bridged did not cause visible issues. Works :-)
  • Only one domain

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    chpalmerC
    A counterpart of mine does this using Wampserver using virtual hosts on the same machine. Using No-IP.com he only has to update the service to one IP address.
  • MOVED: Allow only one WEB site and Block others

    Locked
    1
    0 Votes
    1 Posts
    994 Views
    No one has replied
  • Firewall Rules for second network

    Locked
    15
    0 Votes
    15 Posts
    8k Views
    C
    I have to allow OpenVPN even though I'm using the PPTP on pfSense and not OpenVPN?  Also, I can't seem to make an ftp connection to any ftp.  I tried ports 21, 20, 1023, 1026, 1027.  Should I just remove the block on the LAN and move it to the WAN?
  • Time Based Rule

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How to block a complete AS (autonomous system)

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Firewall blocking allowed RTP packets

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    T
    Thanks Perry, that got me in the right direction. Doing Manual Outbound NAT did the trick - although I cannot figure out why 2 providers worked fine, and one didn't.
  • Prevent TCP Zero Window DDNS (Sockstress) Attacks

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    S
    PF (the packet filter in pfSense) has packet scrubbing for this which is enabled by default. See here.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.