• Dshield pfsense log parser now available

    Locked
    8
    0 Votes
    8 Posts
    10k Views
    C
    I had it installed on my pfsense box to begin with, but if I remember correctly, it did not work as expected because of the way the log file exists on the firewall. Since it is fixed at 512k, I was losing entries as well. My recommendation would be to set up a remote syslog server. It is a trivial task.
  • Feature ideas: rule grouping, changelogs / notes

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    GruensFroeschli
    btw: this is a thread about tracking changes: http://forum.pfsense.org/index.php/topic,9119.0.html
  • ARP (?) Requests do not pass WLAN (Bridge) -> LAN

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    GruensFroeschli
    Are you really sure you allow everything? I mean a * in the protocol field and not TCP or TCP/UDP. Anyway, I would update to 1.2.3 -> http://blog.pfsense.org/?p=377
  • Windows Messenger File Transfer and Remote Assistance

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R
    Here's the screenshot of my LAN and WAN rules: ![LAN rules.jpg](/public/imported_attachments/1/LAN rules.jpg) ![WAN Rules.jpg](/public/imported_attachments/1/WAN Rules.jpg)
  • Allocating LAN and WIFI connections in 1 PC ?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: Logging Connections / Firewall States on HDD with date and time

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Internal IP not hidden from OPT ?

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    T
    Here is the picture of the 1:1 NAT. Is it correct? Outbound is set to "Manual Outbound NAT", and there is NO rule created (I erased the only one auto-generated). [image: 11NAT.jpg]
  • UPnP mappings bypass firewall rules?

    Locked
    9
    0 Votes
    9 Posts
    5k Views
    B
    @xcrustwadx: I also was unable to find records of upnp traffic in pftop either…  I didn't think it was possible to bypass pf. You aren't, the rules go into the upnp anchor, which is probably above your normal rules, hence the reason you can't override it.  I think we'd be willing to see a patch that moves it below user rules and doesn't regress anything ;)  In the meantime, I run upnp on ONLY a trusted interface with very little else on it (that poor xbox is quite lonely, but it does have the Wii and my torrent machine for company at least). –Bill
  • Basic IP blocking rule

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    Z
    Got it… apparently it had to be TCP/UDP, not just TCP.
  • MOVED: problem with firewall

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Using an alias with ipfw command

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    ?
    You should only be making rules with the webGUI. Do not mix firewall setups. pf is the firewall used for 99% of everything; you absolutely can and will goof up things if you mix ipfw in.
  • Help me fix my ruleset

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    N
    AFAIK though, OpenDNS only has two IP addresses.
  • Odd FW logging inconsistency

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    0
    @Perry: you could try @http://forum.pfsense.org/index.php/topic: What a tcpdump on my Lan nic shows when i try from a outside connection tcpdump -t -i vr0 port 3333 and maybe search in http://192.168.1.1/status.php Thanks for the tip, that was a good page. I don't recognize the URL, it is not linked to in the GUI is it? And I think I finally found the problem - my bad - I have a complex setup of mail servers internally that routes mail back and forth and I have 3 non-standard ports exported for some of those SMTP purposes. I think I may have fooled myself into enabling logging on the wrong rule, I was looking at 25 but the internal target for that NAT was another port.. Thanks,
  • To access pfsense

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    0
    @GruensFroeschli: Your attempt should work. But don't set a source (I assume nn.nn.nn.nn/22 is your WAN subnet), otherwise you would have to be in this subnet to access the webgui. Yes I know, I have access enabled for one specific location and if I'm elsewhere I have to use VPN or RDP to another internal server first. Cheers,
  • Rule clean up question

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R
    time to reinstall your PFsense :)
  • Can i block specific ip or mac address accessing internet

    Locked
    2
    0 Votes
    2 Posts
    6k Views
    B
    Create an alias with the addresses that you either want or don't want to be able to access. Probably the don't want access as I assume this will be smaller. Then create a single rule: Lan Pass Source !BlockedIPList Destination any Port HTTP to HTTP. Create a second rule covering HTTPS. You need to remove the rule allowing the entire internal LAN out. This should work. Regards, Mark
  • How pass NFS LAN ->DMZ with scrub enabled?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Embedded PFS to forward all Http to SQUID Server

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: how to block messangers

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Problem with outside firewall

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    E
    @Monoecus: You have chosen (any) in the NAT Port Forwarding window. Try to use “interface address” so that the rule does not get confused with LAN. switched it, still no change :( at this point i've also tried a reinstall, i get a notable error trying to install grub, but i just skipped it instead, but far as i can tell, the rules are being written out, what file would the rules be written to? nvm, found it, looked like all the rules were fine
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.