It turns out that I only resolved part of the problem. I can now access my file shares again, but the local workstation still shows as "unauthenticated". However, I am starting to wonder if this is a bug in Windows 7 since it doesn't seem to have an impact on anything… Bern, I am running a web server, a mail server and a database on my windows server. I know that I can probably do the same on Linux, but my knowledge in Linux isn't the greatest and so I feel that I would just set myself up for trouble... ;) On the plus side I also have trixbox which runs on linux in my environment as well. However, that also gives me more than enough trouble at times... ;) I figured I should update my findings here in case somebody else runs into the same problem. Thanks again to everybody trying to help! Cheers, Jens

@ndanforth: Thanks, I upgraded to 1.2.2.  Still no luck.  I have all OS finger printing disabled. It seems like the return packets from the server is not coming back in through the WAN interface. I just dont get why windows is ok and Linux is not. Correction.  I found that all my rules were having return traffic blocked by the default rule.  Changed the rule state setting to Keep State.  Now all is working with all clients. Thanks for getting my brain moving.

Nevermind….fubar'd the rule, source AND destination ports were set to 1194....sometimes you cant see the forst for the trees.....lol....Thanks.

If you have pc at LAN which should be able to an e-mail server outside using port 25 then you should open this port for this PC (putting it as a source IP). In destination pur the IP of this server. In this way the PC will be able to connect to only this server.

Found the answer in Routing and Mult-Wan forum http://forum.pfsense.org/index.php/topic,18033.msg92978.html#msg92978 @GruensFroeschli: Add the static route via the gui and not on the console. Under advanced activate the checkbox "disable firewall rules for traffic on the same interface" (or something like that, i dont remember how exactly it's called) thanks GruensFroeschli!

The captive portal doesn't use aliases for pass through IPs and has to use unwieldy MAC addresses for pass through as well. If there were aliases for MAC addresses they could be used to define static mappings as well as used in the captive portal. I have to change settings in 4 places at the moment if a client adapter changes; static mapped DHCP address, static mapped IP alias, CP pass through MAC, CP pass through IP. It seems there could be a way to make this one step but I don't know if it's possible. @GruensFroeschli: IMO this wouldnt make much sense. The aliases are to be used in rules. You cant use MAC addresses in any rules. The DHCP server doesnt have any rules. All it has is a list of MAC addresses. Would it make a difference if you handle the list in the aliases or on the DHCP config page? You still have to edit/manage a list no matter where it is.

Thanks Eugene! :) It was a Nat Rules that i forgot to add.. ;D If        Proto     Ext. port range   NAT IP          Int. port range **WAN       TCP            2222          192.168.1.30 2222  ** Please close this..SOLVED Happy to be with my pfSense Family!!!!

You can try the Snort package.

@tommyboy180: @cruzades: @tommyboy180: You can block port 80 traffic from going outbound from that particular box. This will force the client to configure the proxy. yup, but this will affect the whole network instead of just only one client. You can setup the outbound rules so that only one box will have port 80 blocked. It won't affect your entire network, just that one box. Example, deny port 80 from 192.168.1.199; all others pass. oh I missed the 'box' thing, anyway I want to make it automatic without further configuration at the user's end, is it possible?

Or access the internal server via a name? You could then do split DNS for the internal server. (And thus access it with it's internal IP directly)

This should help explain http://forum.pfsense.org/index.php/topic,5144.0.html

yeah i kinda figured it wasnt working properly before nice to know its in the pipeline though thanks

Why not use VLAN???

Thanks GruensFroeschli! I appreciate your help  :)

Thank you for your reply. This was a big help. I was able implement all firewall rules on the fly. After you pointed me in correct direction, first I used pfctl -F state            this did the trick and all new rules implemented immediately. Than I looked around under WEB GUI and found the following link that made the job really easy. DIAGNOSTICS –-> STATES ---- RESET STATES THANKS :)

LMAO!

IF you're looking for control, you may want to consider using Packetfence in conjunction with PFsense.