@sumant1974: How to connect to pfsense box from Internet? I have an pfsense box acting as my border firewall. I want to access it from my home running internet through ssh port. And also ping to the pfsense wan ip to monitor that it is on. Please post if u can help me out. sumant Thanks all I have got the way to do it Sumant

Thx Since it was timecritical, we made changes to a client application and did not have add firewall rules.

Thanks, I did it!

With Questions 1 and 2, the problem was that you created a rule after a firewall state was already created allowing the traffic.  The rule only affects all new firewall states and doesn't affect existing ones.  Rather than rebooting next time go into the state table (under diagnostics) and either kill all the firewall states, or kill the ones that are offending.  Killing only the offending states is the least intrusive. With regards to Question 3, look at the country block list package.

Yes, what is needed is a rule that matches the traffic before any other rules and has the desired gateway selected.

;D thanks i am here for the same kind a problem .Got a solution through this . Thanks Team K~

http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F also move your webinterface to https and a non standard port.

This seems to have worked.. I'll report the results after we see our traffic rise to more than the 10K we were blocked at. Chris' reply to the mailing list: Edit /etc/inc/filter.inc, find these two lines:       $rules .= "\n";       $rules .= "set skip on pfsync0\n"; above those, add:       $rules .= "set limit src-nodes 23456\n"; or whatever number you want it to be. Save changes, edit and save a rule and apply changes to kick off a filter reload.

the admin is on https :8080 and it is only from inside the same subnet  from the outside it works ! and yes the squeezebox got the right settings ! :-( well well  i just have to live it then! Thanks Thomas

1. wait till 2.0 is stable or get the current beta 2.yes and no, create the main rule then add a rule based off of that one 3. yes its done to apply the new rules to current connections, not an issue for stuff like online banking/email only for video and some low latency connections.

cmb….it works..thanks for your reply.....

If you only have one public IP, you can't do that for most services. For web servers, you can try to use a reverse proxy. There are a couple packages, mod_proxy and haproxy that might be able to do this by name. For other services, they do not differentiate based on the hostname used, only the IP address. You'd have to use different port numbers for each domain. On the other hand, if you have multiple public IPs, just setup 1:1 NAT between the public IP for that hostname and the private IP you want it to match up with.

Ugh, that is terrible, IMO (sending all the traffic to the squidbox.)  A much cleaner solution is to enable the proxy mode for your client PC's web browsers.  See this http://nscsysop.hypermart.net/setproxy.html.  Since I run my own apache web server on the LAN, I went for option #5.

the connections that I need are - Wan - L2tp to ISP 1 Lan - home, need to be private OPT1 - Lab and at the moment B&B Wifi OPT2 - going to be connected to a routble /29 range with testing servers. OPT3 - going to be connected to ISP 2, probably PPPoE and load balanced with the wan. I'd like to separate the B&B Wifi from the lab and put cap's and limit's on it but I run out of interfaces.

OK, I'm going for it… I have attached a description of my network environment along with the pfsense parameters that I have set up so far.  I want to separate my LAN and OPT1 segments for performance and traffic shaping.  I assumed that subnetting would accomplish this as reflected by my pfsense parameter choices.  However, I DO want to pass data between the segments (subnets?); i.e., attach voicemail messages to email. Bottom line - are my pfsense parameters consistent with what I'm trying to accomplish? Thanks for your input. Regards, Thomas [image: ENVIRONMENT_0001.png_thumb] [image: ENVIRONMENT_0001.png]