we dont use nat as we have a /26. Im not sure what was causing it. I set up a different hostname pointing to the IP and that worked so I think it must have been some other IIS/windows issue rather than the firewall Thanks for you help

Thank you gentlemen.

You may have to reset the states in order to have this host banned. Actve states will not be reset otherwise.

@Bern: The PCs know their subnet and both will "see" that the other PC is on the same subnet, and make a direct connection to the other PC without using the firewall. Yeah, I was like 90% sure this was why, but I figured I might as well ask to be sure. Gruens: I have a plain old unmanaged switch, so I think it would be easiest to grab another NIC and use that as my DMZ.

Hi, Sorry for the long delay. What is not working is when I connect via a teamspeak client to my external IP address it gets an error.  If I use a computer on my network and go directly to the servers IP..192.168.1.104:8767 it works fine. I went to System>Advanced, and I unchecked the box that said Disable NAT Reflection and Saved it and tried again.  It still didn't work. I went into the rule and made it a singular port.  It also didn't work. Any other idea's why port forwarding isn't working? Thanks for all your help.

I fixed it. Problem was that the promiscous mode was disabled on the switch. Thanks, Andreas

upnp? hmm.. i'm lost.. untill now i'm stilll unsuccessful fwd the port for azureus :(. is there any step by step howto to crate port forwarding?  plz..

Well, actually you missed the attachment…

I think "any" is what you want. If you specify TCP or UDP you dont do much else than ignore packets which have a different protocol number in the bits 72-80 of the IP header. Yes, unless you use an "any" rule you have to specify a rule for each protocol.

Yup, that's what I did differently. The first time I set it up, I had NAT reflection disabled. The second time, after resetting the rules, I did it all with NAT reflection enabled. Good to know where I went wrong. Thanks!

got it working /F

If you have a vlan switch you could give it's own net. Else maybe a reject rule from printer to 2. If you have a restrictive ruleset or are utilizing policy based routing for multiple-wans then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030. IE: allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy based routing.

Yeah, the carp virtual IPs are for layer 3 virtualization. You would almost need an STP type setup where one interface doesn't pass traffic unless the master fails.

I also got the routing rules for the wifi VLAN to be able to connect internet but not office VLAN. Recheck that you did select /24 I gotta do some more reading on proper rules making. Wondering is there any short and sweet guide for that? might help you out

The network cards are realteks, to be more spesific the box is a Watchguard Firebox X. [image: nettverk.jpg] For some reason, the samba server works just fine from Trusted, or more spesifically from behind the SonicWall. The issue is present for all clients connected to Medium Trust. Thus it is very unlikley the issue is the cable, or the nics; if it were a hardware problem the clients behind the SonicWall would work in the same matter, and the server would still exhibit the same symptoms if I connected  directy to the Medium Trust VLAN, and it does not. Why it works flawlessly from behind the SonicWall I do not have any clues to. It should be noted that I have tried multiple computers, all running different configurations, hardware as well as distrobutions (I have however not tried with Windows, since I do not have any pc's running that readily avaliable). It could obviously be a routing issue, however nothing points to this, and every other service beyond samba works just fine. There are no logs on the samba server that would point to any issues, but the dmesg on the clients are filled to the brink with random samba errors, but nothing really useful there either. SMB connection re-established (-5) smb_add_request: request [f50f2300, mid=54473] timed out! smb_file_aio_read: OST 2/13 - Weekend (c-4).mp3 validation failed, error=4294967291 SMB connection re-established (-5) smb_add_request: request [f50f2a00, mid=54716] timed out! smb_file_aio_read: OST 2/13 - Weekend (c-4).mp3 validation failed, error=4294967291 SMB connection re-established (-5) smb_add_request: request [f50f2300, mid=54927] timed out! smb_file_aio_read: OST 2/13 - Weekend (c-4).mp3 validation failed, error=4294967291 SMB connection re-established (-5) smb_add_request: request [f50f2c00, mid=55138] timed out! smb_file_aio_read: OST 2/13 - Weekend (c-4).mp3 validation failed, error=4294967291 SMB connection re-established (-5) smb_add_request: request [f50f2100, mid=16044] timed out! smb_add_request: request [f50f2100, mid=16045] timed out! smb_lookup: find Mp3/Album failed, error=-512 smb_add_request: request [f50f2300, mid=16047] timed out! smb_add_request: request [f7022700, mid=16049] timed out! smb_add_request: request [f50f2e00, mid=16050] timed out! smb_add_request: request [f50f2e00, mid=16051] timed out! –> to infinity and beyond. Best Regards, MeatPuppet

http://doc.pfsense.org/index.php/Tutorials yes

I wrote a simple Syslog server in PHP it could likely be made into a package. If someone would like to sponsor it with a bounty then I may consider making it into a pfSense package.

Thank you GruensFroeschli for the reply and the URL Info. I'll go with split DNS option. Once again Thank you for your help.

So do I go into Firewall / Rules / Wan Select pass and a network of 192.168.1.255?

http://doc.m0n0.ch/handbook-single/#id11640519 Before posting additional question please look at http://forum.pfsense.org/index.php/topic,7001.0.html and search the forum.