Do you have squid (and) squidGuard packages installed by chance? If not do this: Click "Diagnostics,>Ping,>Select the LAN interface,> try google.com copy/paste the output of this back here,,, You will no doubt get 100% drops but the return values may help to determine what is dying. If you do in fact get replies on the pfSense box you know your routing is jabber wokied somewhere to the vlan… BC

DHCP Server and Captive portal

Thank you that you are so supportive!  :'( 1.) I figured out how to do this by myself. So thanks anyone who helping me! ;) 2.)I did this using PORT forwarding and one WAN rule.

It did work for me! Thanks a lot mate !   8)

@ghm: Questions: Do I actually have to tag LAN or is it good enough to tag DMZ? I think I need to tag LAN as well but am not certain. Do I under the DMZ tab actually have to state the Source? Why not just the destination given that the Firewall work inbound and the tab describes the IF anyway? Does anything else here look clearly bad? solved this using "pfSense - The Definitive Guide". Now I know that one should neither use PVID 1 nor the parent interface of a VLAN. Have LAN on PVID 2 now and DMZ on PVID 11. WiFi is unbridged now, even though bridged did not cause visible issues. Works :-)

A counterpart of mine does this using Wampserver using virtual hosts on the same machine. Using No-IP.com he only has to update the service to one IP address.

I have to allow OpenVPN even though I'm using the PPTP on pfSense and not OpenVPN?  Also, I can't seem to make an ftp connection to any ftp.  I tried ports 21, 20, 1023, 1026, 1027.  Should I just remove the block on the LAN and move it to the WAN?

Thanks Perry, that got me in the right direction. Doing Manual Outbound NAT did the trick - although I cannot figure out why 2 providers worked fine, and one didnt.

PF (the packet filter in pfSense) has packet scrubbing for this which is enabled by default. See here.

Thanks, that did the trick!

Its not possible using the firewall, consider using ACLs with your web server, which can be done with IIS.  Alternatively, if you really feel that you need this level of overkill, you can solve this with a reverse proxy like Varnish.  No reason to do this though, ACLs with your web server are the solution.

Please state the version of pfsense you are using. It appears from your post that things worked as expected until you tried adding an IP to the xen box. If this is the case then I would first suspect a misconfiguration in the xen box.

No, it will not break existing connections when you edit a firewall rule. Editing a rule only affects new connections, not current connections. If you add a block rule (or remove a pass) you would have to clear the state(s) that would match the rule for it to take immediate effect.

I actually figured it out on my own, and its exactly what you have in the image. Thanks for the help, Im an idiot!

If your still unable to get in… Just for kicks, console in and use option 11...