Thank you very much!  Had to set the source port on both the allow and the deny to get things working.

Thx for your help Perry - things seems to be working as expected.  Bit of a pain tho - had to monitor the block logs to figure out why some o the whitelisted sites were loading slowly.  had to track down and allow all the embedded crap (verisign,etc)  But all is good now. pfsense rocks!

Here is my transparent firewall config. Everything works except for a problem with the default rules for the LAN. Hope it helps http://forum.pfsense.org/index.php/topic,13142.0.html Best Regards M3

or u mean to say that all the addons will be available in the standard ISO itself. The most important thing for me is to restrict users from downloading data from the internet . and stop uploads on file sharing sites. Can anyone give me the solution

Hi konung, Try this: activate the helper on both WAN and LAN interface. Add a rule on the LAN interface allowing all traffic, all ports to 172.0.0.1, make sure this entry is the 1st in the list. It solved my problem with ftp connections (multiple WAN). Connections setup by Inet browser,ftp client and cli are all working now. If you need incoming sessions as wel you'll need to add NAT rules to allow it. regards

sorry for the earlier reply….this prob is doing my head in! Going to wipe the AP's config, and rebuilt them..ensuring they get a DHCP address from pfSense on new VLAN (think I am going to choose 45) and use a range of 172.16.99.0/24 for the Wireless network, will leave the AP's open with no encryption, create a new "allow all" rule with logging enabled and do as you say.....i just don't understand how it can get a DHCP address and not allow anything else, and allow the clients to ping each other but not pfSense... will report back this afternoon when i get onsite...

This is kinda unnerving either my problem is: 1. Really obscure 2. Really stupid 3. Noone knows 4. Don't have enough information If anyone is interested in helping me out I can give you more information on my configuration and network setup. Best Regards M3

in 1.2 this works as it should and i think in 1.21 killing the firewall states should also working

Hmmm, maybe i can use firewall rules instead of Port Forwarding …

2.0 has something to help with this.

I have a same problem. Upgrade 1.2.1 RC2 solve problem I use it 2.0 alpha now and work fine.

You are right. The answer was sort of there. =) Since my DMZ is a private address network all traffic from WAN first arrives on Wan and is port forwarded to DMZ.

Hello, The 2.0-AA(1.2.1-RC2 too?) capable of creating a pretty decent scheduling access rules. It's worth trying ;) cheers,

Use the search function of the forum: http://forum.pfsense.org/index.php?action=search keywords: "access modem WAN" http://forum.pfsense.org/index.php/topic,5727.msg33931.html#msg33931

I don't think it's a bug, UDP is a connectionless protocol and allows hole punching: http://en.wikipedia.org/wiki/UDP_hole_punching I don't know enough about Asterix to say if that's what's happening but Skype definitely works this way and so does TeamViewer.