Rules are applied inbound on an interface. So a rule with as source "Wan Net" on the DMZ interface will do absolutely nothing. Also Destination: "Wan Net" means exactly that: The destination has to be in the subnet of the WAN. –> This is not the internet. pfSense per default blocks everything. So instead of blocking everything before the allow rule, you can do it reverse. Also you can make everything a lot easier with aliases: http://forum.pfsense.org/index.php/topic,14989.0.html

Ok Thank you very much

Create a rule on your LAN interface set to block with a source IP address of the computer you want to deny access to. Make sure you move this rule above the default allow rule or the traffic will be passed before the block rule is processed.

I found a manual way, through the manually backup,  there you can choose the individual parts you want to backup and restore. Definitly not the best way, but it works.

I made a few tweaks on the VPN server (added another NIC and assigned the 1:1 NAT addresses to that NIC) and it's working.

I've tried a lot of hardware for pfsense, but never an i920/x58 system; so you have to try wether it works (but I think so). Haven't you got an old harddisk? Just plug that disk in (and disconnect the debian harddisk) and install. I think you will see the advantages soon enough. Pfsense is specially designed to protect networks.

solve…. i use nat 1:1

thanks, I start to understand pfsense firewall. It`s very important to know that Rules are inbound. I have solved it. First LAN rule is: reject TCP 192.168.11.54 * !local_smtp 25 (SMTP) *

Yeah I fixed it,sorry for spamming it was the ISP he obviosly had blocked that port.  :o

http://www.oav.net/mirrors/cidr.html

There is nothing in the system logs whatsoever. I'm glad I checked though, I left a port open for bittorrent even though I wasn't using it, it showed about 40 different hits on that port last night. I don't know if anything got through though?? Evolution mai has always worked great. I leave my desktop on 24/7 and it automatically checks for new emails at a regular interval. If I manually hit send/receive it's fine. It seems that during one of it's automatic checks something is going wrong because when I open my computer in the morning, rather than have a bunch of new emails, I have a password prompt with this message: unable to connect to POP server pophm.sympatico.ca Error sending password: -ERR authentication server unavailable. Encryption is SSL and port is 995. I never saw this until I installed pfSense so I think it must be related. MTU is 1492 and I am using pppoe, same value as my previous router. Thanks

@0tt0: @GruensFroeschli: Is the traffic for this webserver always going over the VPN? Yes that is the idea. So you essentially have as default gateway the VPN itself. In this case all traffic should always come back to the pfSense and thus shouldnt need source NAT.

Thanks jimp and sullrich. That will work until the 2.0 release ;)