• Can https://* to OWA but not Sharepoint

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    R
    @jahonix: What does the firewall log say? Activate logging for the pass and block/reject rules in question. Those are good items to try and test out.  What I had in mind was why you're having difficulty in getting port 987 to work.  One item to try, from a remote computer, is to telnet to the WAN IP address on port 987 to see if it connects.  This way you can eliminate the possibility of the ISP blocking port 987 for whatever reason and look at other issues.  Using the logging feature of the port 987 allow rule would also be good to use in combination when testing.  Then test as you normally do when you connect through Firefox to see what happens. Good luck…
  • Private load-balancer on the LAN

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    E
    We are all people, that is why we have different opinions -)))
  • Rule Precedence

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    E
    @gollo: Yes.  I have a webserver on the inside and those NAT rules work fine. The firewall is working as advertised.  It drops traffic if the port is not open.  But since port 80,443,ftp is open it allows all traffic on those ports to the webserver.  What I want to do is block a single IP from accessing anything so I put in a deny all rule at the top of the list and it doesn't work, the user can still access everything. Thanks for the response. Could you please check: 1) Specify the source IP as 'Single host' and give us pfctl -sr | grep <wan_interface_name> 2) Specify the source IP as 'Network /24' and give us pfctl -sr | grep <wan_interface_name> 3) Specify the source IP as 'Network /32', check if it works and give us pfctl -sr | grep <wan_interface_name>
  • MOVED: captive portal, allow url instead of ip

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Packet not reaching server

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    W
    Is this for a NAT'd web server you're hosting? If so, you probably need to turn on NAT reflection.
  • Ftp helper on opt1

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    3 Posts
    2k Views
    I
    @hdavy2002: Hi, I have a dual core Dell server with 4 GB RAM and a 37 GB drive in RAID 0. My memory use is about 9 to 25% most of the time. I have Snort, Squid (Transparent), Ntop, Nmap, Bandwidth running. Once in a while, my GUI freezes and from outside, I cannot do any RDP or SSH into the box. The internet is working, as I can use logmein.com to get inside and then do a reboot using SSH. I cannot understand why it is doing this. Can someone point out anything weird? Thanks all. I have a problem too.. the problem is that after implementing pfSense, my router interface is always going up and down.. and I have to reboot the router every 1 hour.. my memory usage is also about 20%. I think the problem is because of the filter reload.. but I still can't figure it out yet.
  • Web page DDOS

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    X
    Check for an update under System > Firmware. Check to see where it's coming from under the current states when you get it or shortly afterwards, or start logging connections and see if you notice a trend.
  • Firewall blocking TCP:R packets

    Locked
    4
    0 Votes
    4 Posts
    8k Views
    jimpJ
    Blocking TCP:R (Resets) and TCP:F (Fin) can be normal, and not indicative of the actual problem. http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F
  • Why is the firewall blocking ICMP from my modem to its LAN port?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G
    I can't explain why it's doing it. WAN2's modem isn't pinging its LAN port, so I'm at a loss.
  • To block some HTTPS

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    X
    Hello, firstly sorry for my bad English, but I'm from Argentina and in the Spanish forum no one responded to me. I need help with my firewall. I have installed pfSense+Squid+SquidGuard and I have a problem: I need to block some HTTPS. The HTTPS site to block is https://imo.im. I already tried writing it in "domain list", "expression" and "url list" of the Destination option of SquidGuard. I have an ACL configured to block this "Destination Ruleset". With other URLs it works perfectly. Thanks for your time, I hope for your response.
  • Website behind PFsense firewall not visible from the internet

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    W
    OK, found the problem: I hard reset the modem and now everything works fine. Thanks for the replies.
  • PfSense VLAN => external squid box => WAN via pfSense and back

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    C
    Thanks! I had pondered that idea at one time and tried to do it with NAT and stuff, since that seemed like it should have been the most straightforward.  Glad you confirmed that this works and got me back on that track! Note: I didn't even need the load balancer.  Just set the squid box up as a gateway and I set rules for anything on port 80 to use it.  Seems to work like a charm! On the other hand, I am using the load balancing for multi-wan, and squid is plugged into that. I probably will end up using the load balancing for multiple squid boxes… so that's a really nice idea/side benefit! One of my next tasks will be to learn about CARP. I wonder if I can get failover pfSense boxes running to smoothly hand off my increasingly complex setup...
  • Someone plz help me.. I'm in trouble

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    I
    Sorry, case closed.. the problem is when you don't need the interface.. unplug the NIC and "make sure you deleted it". That is what caused the problem.. case is solved, TQ
  • 0 Votes
    3 Posts
    5k Views
    B
    If you've got squid running in transparent mode, then the rules are applied AFTER the redirect takes place at the firewall - the same as incoming port forwarding. So you apply a rule that governs access to squid itself - see attached file. [image: rules.png]
  • Default deny

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    I
    allow port 80
  • Can't PORT forward on OPT1

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J
    I finally figured it out. In firewall rules for OPT1 I changed Gateway from OPT1 to Default, and also created a static route for OPT1 DNS. Everything works flawlessly, very happy. Thank you, thank you to all the developers of pfSense.
  • Disabling (outbound) FTP helper on a per rule basis ?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Using Cable Modem IP

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Help with bridging firewall/transparent firewall setup

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R
    bump?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.