• Blocked packed even if rules allow traffic?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    F
    Thanks for the explanation. Could raising the state size reduce this noise or does it not matter?
  • MOVED: Unable to delete or reinstall the squid and squidguard

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Configure PFsense firewall from CLI

    Locked
    6
    0 Votes
    6 Posts
    11k Views
    jimp
    It's just PHP. It's in the pfSense code repo, it's part of 2.0.
  • Basic Home Firewall Setup

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    R
    Any error aside, it sounds to me like you are where I was two or three months ago.  Please review this post, which contains what I learned: http://forum.pfsense.org/index.php/topic,25548.0.html Regarding having only a few machines and so keeping a tight netmask, why bother?  Use /24, it is easier to think about.  Use a different number for each LAN if you have several.
  • Multi-Site BGP and firewall rules

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    E
    For BGP to work you do not need anything in rules other than TCP port 179 allowed.
  • Log LAN Rule but I don't have any rule to Log

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    A
    Thanks Jimp
  • Block All Ports and Only Allow HTTP(S)

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    P
    Yes, after viewing the advanced options in Skype I just realized this. I would like to view my squid cache logs. How do I view my logs to ensure that traffic is going through squid as well? I am able to view my squid lightreport though.
  • WAN type - DHCP vs StaticIP

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    W
    Thanks!!! Default subnet was 32 - which was the problem. Thanks!
  • Completely open, but traffic gets blocked by "Default deny rule"

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    W
    Update: SOLVED! Stupid mistake! - it was working all along - just on the server soft-firewall was in the way.
  • MOVED: how can block sites over name?. travian, heroes, amazon etc

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Not able to access public WAN IP from internal LAN

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    F
    This may help. http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
  • Blocking Hotspot Shield

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    jimp
    Since it relies on connecting to their remote servers to make a VPN connection, you might be able to look up whatever IP space they own and block it that way. Depending on the protocol they use, an L7 filter might work, but it may also catch traffic you want.
  • Only allow US Ips?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jimp
    The URL Table Alias package will let you do this, too. But you need to be on 1.2.3 to use it.
  • M$ activesync errors

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    F
    There is an option in the Advanced State section of the firewall rules to specify the timeout length in seconds. You could try adding a value to that field to keep the state from closing earlier than MS wants.
  • Multiple Static Voip

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • DNS Issues

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimp
    In order to properly offer suggestions, we'll need a lot more information. For starters, the exact contents (preferably screencaps) of your firewall rules and NAT rules. You can block out any public IPs but if you do so, at least leave the last octet. Before gathering that info, first have a look here: http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
  • MOVED: load balancing problem. can't log in to website! (CPANEL)

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Port-forwarding LAN:X to LAN:Y

    Locked
    8
    0 Votes
    8 Posts
    9k Views
    R
    New idea on how to get another "apparent" interface so that I can achieve my desired forwarding.  I have been reading about VLANs.  I am really extrapolating here so please bear with me if I am way off base. If I created VLANs on my LAN, would I be able to forward LAN:80 to VLAN:8080, having VLAN:80 open to go to the internet?  If so, I have some other questions too. When a machine does a DHCP request, it knows nothing of VLANs, so I assume that the request is picked up by the DHCP server and that the DHCP server assigns it an IP and associates it with a VLAN.  How does it choose?  The only differentiator would be the MAC address, so this would have to be manually configured, analogous to a static IP.  Am I on the right track?  I suppose there could be more boxes appearing under the DHCP Server configuration that appear after I make the VLANs, but I don't want to mess up my working configuration until I know that I am barking up a valid tree. There seems to be an assumption of a managed switch to route VLANS.  From what I have read, I don't see anything preventing a cheap layer 2 switch from routing based on MAC address, as long as I cut down the MTU by 4 bytes to make room for the VLAN stuff.  1500 bytes is hardly a power of two anyway, so I would expect the impact on throughput due to fragmenting and assembling 1496 vs. 1500 byte packets would be minimal.  Is this good reasoning? Do I have to have all other traffic on the physical LAN interface be on VLANs too, or can the "base" lan be "normal", with VLANs running on top? Thanks.
  • VOIP registration

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P
    I can't thank you enough.  I had the AON but without the static route selected.  Racked my brain for days with this. THANKS!
  • External Traffic Blocked - Even with NAT rules and Nat Reflection Setup

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    A
    I may have found the issue, standby ** UPDATE ** I may have fixed it, I don't know. I can access the services from the IP address but it seems the domain names aren't working.  Might be something to do with the DNS server. I am investigating now
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.