Rules are always per interface. So the rules on the WAN interface are for traffic coming in on the WAN interface and rules on the LAN interface are for traffic coming in on the LAN interface. Always seen from a point of view of the firewall.

I don't think it is possible to be less helpful than 'nothing is working' :(

Two things: your rules should not be using "WAN address" as the destination, but '*', as otherwise you just block them from accessing the WAN IP itself, not outside hosts.  Also, you never said you wanted anyone outside the internal pfsense to be able to access the 192.168.1.0/24 hosts, so I didn't address that.  The solution there is to also stop doing NAT on the inside pfsense.

The destination on that rule is incorrect, the IPsec tab is for traffic inside of the tunnel. In that case, the 'destination' would be your LAN subnet, or just 'any'.

Ah i see. Well in this case i would create an alias containing all the IP's in don't want to allow. Then use this alias in the default allow rule as: Destination: !alias (allow everything except the alias)

Not without more info. You'll need to supply the output of "netstat -rn" from a shell or Diagnostics > Command, and the output of "ifconfig -a" might also be helpful.

Looks like someone is either probing your gateway or has a misconfigured SIP client.

@covex: Method 2 (split dns) from the link you've provided, it din't do anything. Clients set to use external DNS server, should I change it to pfSense for split DNS to work? Yes, for that kind of split DNS to work, clients should be using your pfSense box as their DNS Server.

Hi. Thanks for the help. Making the route solved the problem. I crash my head against the wall cause this is routing basics i should have known…  :D So this case is SOLVED! Thanks a lot! Carsten

The traffic will be stopped unless you explicitly allow it. That said, they can still try to DoS you because you can only block packets once they've already reached you. You need to tell your ISP to block that IP address, and then it won't come down your line at all.

I want to lock down traffic leaving firewall for same reasons as for all other network devices. Block all and allow only what is required. And allow-and-log rules to monitor traffic and access with firewall. Thank you for responding. I will look at 2.0 and floating rules.

Hi, I also facing same issue. just i disbale my firewall, ofter that is working fine. If you want you can download freegate from http://go4download.com/free-gate-6 and http://www.dit-inc.us/ is official website for free gate.

As nothing works as expected, I've decided to rebuild the pfsense from ISO to latest version, and now it works the same configuration. Many thanks for your help. Regards Alfredo

Folks I've created a new topic in the 2.0 section, as this may be a possible bug related to 2.0. http://forum.pfsense.org/index.php/topic,26479.0.html Thanks

yes, if you stop the ping and restart it, you will see that it now will not work. just reset the states (drops ALL connections) when you want to force a rule change.

It's a wild guess but I think the public IP's are probably bypassed because you have configured pfSense to have an IP within that same IP subnet. This way traffic never get's routed to pfSense because all IP's are within the same broadcast domain. In order to get your firewall to inspect the traffic you have to place the firewall between the ISP's uplink and your configured public IP's. You do this with either: Routing: Obtain an extra (small) IP subnet from your ISP, configure that on your pfSense and let the ISP configure the default gateway in that same subnet. Configure the original IP range on the LAN interface of pfSense and make sure the default gateway of the VM's points to the pfSense LAN IP. Then ask your ISP to route the original subnet to the WAN IP configured on your pfSense. Bridging: Only assign an IP from your current IP range on WAN interface, bridge it with your LAN interface and make sure all your VM's are attached via the LAN interface (not the WAN interface). The bridge will force the traffic to flow through the firewall so you're able to block/pass traffic. The first option is the most common one and pretty easy to understand, but it requires quite some changes in your environment and your ISP's. The second option requires less changes, but can be somewhat confusing at first with how things work and won't work together with CARP.

@platinumnj: Have you been able to get external access to your pfsense box to work via BETA verison. I haven't been able to as of yet… :( It works fine, if your rules or VPN are configured correctly. Given the age of this thread, you should start a new one for your issue if you are not able to solve it with the information already provided here.

so can corp access the Internet as well? your rules look to be correct. what do the interface settings look like?