Hi, How about ports for IRC , say 6667? OTOH, if you decided to open ports for *IM and, you may not consider to deploy upnp so that *IMs would not get fully functional, normail chats(typing) are okay but voice/video and/or file transfers will suffer. That's my only .02$ worth. :) cheers,

If you've only got a rule to pass all traffic then effectively the firewall is disabled.  This means that any problems are (as I've already said) probably NAT related. You may want to try enabling UPnP and see if that helps.  You may also need to read up on the networking requirements of the games in question.

Ok that was too easy! guess I learned something.. It's working perfectly fine now, thank you.

I found the problem!! Just to let you know, if somebody ran in same sort of issue: It was the video card  ??? Once removed, everything run smooth haha. The In/Out errors on the interface were due to underrun; The NIC card was not receiving packets fast enough from the DMA. The video card was slowing down the interrupt or something… Anyway, now it's fast and it rox!

thanx

hmmm…it's multi-wan env so that I wouldn't think ftp helper(ftp-proxy) helps you well... if the ftp-proxy works correctly, then you don't need any rules for outgoing ftp because the traffic originated from the LAN, pf would keep its state then return traffic comes thru to the originator, ftp client(s), on the LAN. That's how nat is done by pf, and how pfSense configured. Check out your current rules: /tmp/rules.debug and see how ftp-proxy is configured. fyr - http://www.openbsd.org/faq/pf/ftp.html

This is big FAQ but a bunch of clues; http://forum.pfsense.org/index.php/topic,7001.0.html

There is a search function… http://forum.pfsense.org/index.php?action=search --> http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf Under "Firewall" --> "Virtual IP" you can also find PARP, CARP and "other" VIP's.

What kind of service do you have to access? Yes you have to forward ports to the computer you want to access.

i hope its working i determine its working by when i go to a website that detects your ip i hit refresh and i get 4 different ips.. and a little speed increase.. photos are below to show u my diff ips and each wan has its own modem. and if i put in 198.168.100.1 it choses any of teh 4 modems.   [image: bottomload.jpg] [image: bottomload.jpg_thumb]

ive been reading and i dont think u can get it working on 1.2 on any other place than wan but i think 1.3 they said it should be implemented.. Can you share with me how u got it working on the wan?

You could assign captive portal to the LAN. Then you can control access From the WAN by mac address, ip address, and/or giving out user accounts that allow people through captive portal. You probably can do this with firewall rules too but captive portal is easy and flexible and will work. Best Regards, Mark

That worked! Forget the second question.  I figured out what I needed to know there :)

Issue Resolved - Windows Firewall Issue

I was looking for "ssh to a config file xxxx and edit it".  I always overlook the obvious….. Simple is better, I'll give it a go... THANK YOU!

What is not good about the solution with an alias containing all you private subnets?

@AudiAddict: So Maximum state entries per host option is sufficient? Can I leave the other fields blank? Regarding the amount, could you give me a suggestion on what to use? I don't want to limit any services running on our wan side.. what would be a reasonable amount? Correct on the first two questions.  The last really is site specific.  It could be two, it could be a hundred, it could be more shrug.  That's why I said, whatever is reasonable for you.  I don't know what type of traffic you see. –Bill