Ok, i finally found the problem. There was no problem with the firewall, it was a problem of DNS.

Same as always: allow TCP from LAN net to any IP with port 80 destination (HTTP) and similar for HTTPS. If it doesn't work then you seem to have scrumbled a lot. Try a fresh and clean install instead.

Well i've managed to realise that the problem seems to occur during setup. After i've set up my internal and external VIP's, I configure Advanced outbound NAT (internal network –> WAN VIP). As soon as I do this, I lose connection to the internet (though I can still ping out?!). I hope this sheds some light...

Not sure if this is acceptable but: You basically want to access stuff on the LAN from the OPT. The problem is, that the server on the LAN doesnt know where to send the answer to. If you enable NAT from OPT to LAN, then the requests appear as if from the IP of the pfSense on the LAN side. Like this you dont need to change anything on the existing stuff. howto: enable advanced outbound NAT under "firewall" –> "NAT". there will be an autocreated rule for LAN-->WAN copy this rule and change it to OPT-->LAN

IMHO uploading a changed config.xml requires a reboot. I tend to believe that current sessions will be cut then.  :) Another route to go might be the centralized management interface that popped up as a bounty several times already and never was finished. I think it's withdrawn but look in the bounty section.

Try the search function ;)  This has been discussed many times and details can be found in the forum (hint, look for squid.inc).

Yes bridge is the right word. It's actually workign now. Many thanks

Oops, my crystal ball is broken too -((( It looks like epidemic… iamthed, it's not about your English. It's about the information you give us. And if when you "discard pfSense" everything works fine why do you need to use Firewall? my boss told me that's must be a firewall error because when i use sniffing from router. the IP come from firewall WAN interface not from the client IP ( he thinks it's a proxy, i have a proxy but i'm not using transparent proxy and i never setup browser to client so it's cannot be proxy) you (and may be your boss) should probably read about NAT. Don't get me wrong there is no intention to be rude to you but it's impossible to give you an advice.

Yeah, that's OpenBSD. We're using the FreeBSD port. I wouldn't hold my breath, we don't even have carpdev yet…

Thanks for information Have a nice day D

yes. See the howtos on http://doc.pfsense.com

About the same: http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F

When dealing with port forwards, the destination IP is always the "internal" IP address, never a WAN address. The rule still goes on the WAN tab though. And with traffic coming from the internet, you never need to set a "source" address, that is not rewritten anywhere, and will always be the original IP. As I mentioned in the previous message, you did not have the correct firewall rule in place to allow that traffic, which is why it was being blocked.

I fixed the problem. I reinstalled 1.2.2 and made sure my LAN ports were getting public IPs from the modems. I think double NAT was killing stuff.