• My Firewall rules suddenly stops working?

    Locked
    0 Votes
    9 Posts
    3k Views
    Hello again. It seems that NAT reflection was the problem. I was just so sure I tested the ports from my home-computer, which has a different WAN IP and not in any way connected to the pfsense LAN. Well it worked, and I'm very grateful :) Thanks, Sune W.
  • Block private networks - unchecked, but still blocking?

    Locked
    0 Votes
    3 Posts
    1k Views
    Thank you! :)
  • Target group: blk_BL_porn blocks non porn site

    Locked
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Ethertype Unknown (0x88cc), length 60:

    Locked
    0 Votes
    1 Posts
    4k Views
    No one has replied
  • MOVED: Slow file transfers over multi-LANs

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Rules with url as destination (source)

    Locked
    0 Votes
    2 Posts
    1k Views
    GruensFroeschli
    @timurx: Why can't pfsense rules be formulated based on url references? Because pfSense uses pf and not ipfw. (except the CP and schedules).
  • Getting a default denied rule after setting up the firewall rules

    Locked
    0 Votes
    28 Posts
    8k Views
    FINALLY!!! I got it to work! The solution:
    I used OPT1 or OPT3 for the incoming connections, change this to WAN
    All devices connected were configured with static IP addresses, configure for DHCP and set up DHCP-server on LAN
    Make some NAT and firewall rules to LAN & WAN
    +> Problem solved! Eugene thanks for the support so far!
  • 2 Groups of users - different internet access?

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • User name and password

    Locked
    0 Votes
    2 Posts
    1k Views
    Cry Havok
    Sounds like a problem with your Squid configuration, but from your lack of useful information (eg, phrases like "etc etc") it's hard to help you. How about you start by providing the version of pfSense and Squid you've installed, along with details for all the other packages.  A note of all the settings you changed from the defaults for squid will be rather important too.
  • Port 21 open

    Locked
    0 Votes
    7 Posts
    4k Views
    No, don't have anything listening. (wouldn't even know how to setup a ftp server lol). I've checked the box on the WAN side but no matter what I do can't close the port… dunno what to do guys, I'm at a loss. Is there not maybe something else I'm doing wrong? - cards are bridged? thank u again for ur help guys
  • How to turn off all Web browser activity after hours

    Locked
    0 Votes
    9 Posts
    4k Views
    I have played around with this and I still can't get the system to block browsing access after hours. I will continue to try but I then realized that if I block browsing access will this also block me from being able to RDP into the domain? I have set the schedule and created the rule but still no block, has anyone here successfully stopped browsing access according to schedule?
  • IPv6 behind pfsense.

    Locked
    0 Votes
    8 Posts
    16k Views
    Hi I'm having some issues setting this up
    ifconfig gif0 create
    ifconfig gif0 tunnel lan.ip.1.1 broker.ip.here.142 up
    ifconfig interface0 inet6 IPv6:Prefix:here::1 prefixlen 64 alias
    route add -inet6 default fe80::%gif0
    where lan.ip.1.1 is that my lan interfaces ip(192.168.0.1) or the computers ip(192.168.0.5)?
    where interface0 is that my lan interface or my wan interface?
    where IPv6:Prefix:here:: do i set that to the Client IPv6 address i got from tunnelbroker.net?
    does anything need to be changed in the last line?
    and…
    netsh interface ipv6 6to4 set state disabled
    netsh interface ipv6 set privacy disabled
    netsh interface ipv6 add v6v4tunnel mytbs 192.168.1.1 202.157.186.227
    netsh interface ipv6 add address "Local Area Connection" 2001:db8:ff:ff::1
    netsh interface ipv6 add route 2000::/3 mytbs publish=yes
    where 192.168.1.1 do i put my computers ip or my lan interface ip?
    do i use 2001:db8:ff:ff::1 or do i replace that with my Client IPv6 address i got from tunnelbroker.net?
  • Some external hosts can connect through WAN, others can't

    Locked
    0 Votes
    12 Posts
    5k Views
    I had the same problem once but it was related to bogon networks, my file with non-allocated ranges was not up to date. Packet dump would definitely help here.
  • Bug - Firewall Log shows wrong date

    Locked
    0 Votes
    3 Posts
    3k Views
    A reboot did the trick! :) Sorry, I just installed it and so I am still learning… Thanks, Jens
  • Can't access network shares on domain (firewall or dns issue)

    Locked
    0 Votes
    16 Posts
    12k Views
    It turns out that I only resolved part of the problem. I can now access my file shares again, but the local workstation still shows as "unauthenticated". However, I am starting to wonder if this is a bug in Windows 7 since it doesn't seem to have an impact on anything… Bern, I am running a web server, a mail server and a database on my windows server. I know that I can probably do the same on Linux, but my knowledge in Linux isn't the greatest and so I feel that I would just set myself up for trouble... ;) On the plus side I also have trixbox which runs on linux in my environment as well. However, that also gives me more than enough trouble at times... ;) I figured I should update my findings here in case somebody else runs into the same problem. Thanks again to everybody trying to help! Cheers, Jens
  • Problems with Linux Clients

    Locked
    0 Votes
    10 Posts
    4k Views
    @ndanforth: Thanks, I upgraded to 1.2.2. Still no luck. I have all OS finger printing disabled. It seems like the return packets from the server are not coming back in through the WAN interface. I just don't get why Windows is ok and Linux is not. Correction. I found that all my rules were having return traffic blocked by the default rule. Changed the rule state setting to Keep State. Now all is working with all clients. Thanks for getting my brain moving.
  • Question about dropped packets and firewall rules…openvpn

    Locked
    0 Votes
    6 Posts
    2k Views
    Nevermind… fubar'd the rule, source AND destination ports were set to 1194… sometimes you can't see the forest for the trees… lol… Thanks.
  • How do i check to see if my firewall rules are working

    Locked
    0 Votes
    21 Posts
    8k Views
    If you have a PC at LAN which should be able to connect to an e-mail server outside using port 25 then you should open this port for this PC (putting it as a source IP). In destination put the IP of this server. In this way the PC will be able to connect to only this server.
  • 2 LANS getting firewalled

    Locked
    0 Votes
    5 Posts
    3k Views
    Found the answer in Routing and Multi-WAN forum http://forum.pfsense.org/index.php/topic,18033.msg92978.html#msg92978 @GruensFroeschli: Add the static route via the gui and not on the console. Under advanced activate the checkbox "disable firewall rules for traffic on the same interface" (or something like that, I don't remember how exactly it's called) thanks GruensFroeschli!
  • Aliases for MAC addresses?

    Locked
    0 Votes
    4 Posts
    3k Views
    The captive portal doesn't use aliases for pass through IPs and has to use unwieldy MAC addresses for pass through as well. If there were aliases for MAC addresses they could be used to define static mappings as well as used in the captive portal. I have to change settings in 4 places at the moment if a client adapter changes; static mapped DHCP address, static mapped IP alias, CP pass through MAC, CP pass through IP. It seems there could be a way to make this one step but I don't know if it's possible. @GruensFroeschli: IMO this wouldn't make much sense. The aliases are to be used in rules. You can't use MAC addresses in any rules. The DHCP server doesn't have any rules. All it has is a list of MAC addresses. Would it make a difference if you handle the list in the aliases or on the DHCP config page? You still have to edit/manage a list no matter where it is.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.