I found a manual way, through the manually backup,  there you can choose the individual parts you want to backup and restore. Definitly not the best way, but it works.

I made a few tweaks on the VPN server (added another NIC and assigned the 1:1 NAT addresses to that NIC) and it's working.

I've tried a lot of hardware for pfsense, but never an i920/x58 system; so you have to try wether it works (but I think so). Haven't you got an old harddisk? Just plug that disk in (and disconnect the debian harddisk) and install. I think you will see the advantages soon enough. Pfsense is specially designed to protect networks.

solve…. i use nat 1:1

thanks, I start to understand pfsense firewall. It`s very important to know that Rules are inbound. I have solved it. First LAN rule is: reject TCP 192.168.11.54 * !local_smtp 25 (SMTP) *

Yeah I fixed it,sorry for spamming it was the ISP he obviosly had blocked that port.  :o

http://www.oav.net/mirrors/cidr.html

There is nothing in the system logs whatsoever. I'm glad I checked though, I left a port open for bittorrent even though I wasn't using it, it showed about 40 different hits on that port last night. I don't know if anything got through though?? Evolution mai has always worked great. I leave my desktop on 24/7 and it automatically checks for new emails at a regular interval. If I manually hit send/receive it's fine. It seems that during one of it's automatic checks something is going wrong because when I open my computer in the morning, rather than have a bunch of new emails, I have a password prompt with this message: unable to connect to POP server pophm.sympatico.ca Error sending password: -ERR authentication server unavailable. Encryption is SSL and port is 995. I never saw this until I installed pfSense so I think it must be related. MTU is 1492 and I am using pppoe, same value as my previous router. Thanks

@0tt0: @GruensFroeschli: Is the traffic for this webserver always going over the VPN? Yes that is the idea. So you essentially have as default gateway the VPN itself. In this case all traffic should always come back to the pfSense and thus shouldnt need source NAT.

Thanks jimp and sullrich. That will work until the 2.0 release ;)

Hi everybody! I used ALIASES in assigning a group of LAN IP addresses: 1. List of LAN IP Addresses blocked in accessing the internet and 2. List of LAN IP Addresses with time restrictions in accessing the internet And used SCHEDULES in assigning time restrictions in some LAN IP Addresses as listed in no. 2. After which I used them in making FIREWALL RULES and placed them before the default rule. After that I reboot the system but it hanged during Configuring firewall….. Please help!

Yeah, only outgoing connections originating from 192.168.1.5 will be mapped to the VIP. You'll still need to add port forwards for incoming connections. Btw static port means exactly what the documentation states: "do not randomize source port on the outgoing connections", nothing else. The redirection is really done with the selection of the NAT address in the outbound rule and static port is just an extra option that is normally not needed. In your case it's better to turn it on since (active) ftp data connection originates from port 20 and you want it to originate from the same port on the VIP.

http://forum.pfsense.org/index.php/topic,19862.msg102193.html

thanks sir..  ;D