• Have firewall log only what I want

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    R
    There are XBox units on the network, but they are not using UPNP.  I disabled UPnP because of the size of the network (~1800 hosts).  The XBox rules are just there because we force the use of a proxy server and typically block port 80 for anything but the proxy.  The XBox units need port 80 for Xbox Marketplace to work, so I enabled it as a "test" for a few users.
  • Firewall Rule - Restrict to several fixed IP's

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P
    Thank you much, works fine  ;D
  • 0 Votes
    13 Posts
    4k Views
    H
    You can use virtual IPs for the additional IP and 1:1 or portforward/outbound nat it.
  • Torrent not stopped?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    C
    Is it possible someone's figured out about proxies? Especially if they're using Firefox w/Foxyproxy.  :-\
  • Cannot get Passive FTP to work in pfSense in any combination

    Locked
    8
    0 Votes
    8 Posts
    10k Views
    P
    Good work. I just got your message, so sorry I couldn't help earlier.. But sounds like you didn't need it after all. FYI - I think you'll be VERY happy you went with PFSense. I had my little nightmare setting it up due to my FTP problems (which turned out to be completely MY user error on the set-up - LESSON: DON'T CLICK CHECKBOXES YOU DON'T UNDERSTAND  ;D ). Since then, these boxes have run flawlessly with amazing reliability. I'm serving millions of sessions a day with them and they run on a pair of 5-year-old desktops. No problems with FTP whatsoever. Really amazing stuff here. Can't say enough positive. Put in the time on set-up and see the rewards…
  • Need help figuring out who's trying to hack my FTP server.

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    H
    If you are under attack again, use the packet capture from Diagnostics > Packet Capture to download some of the traffic. You can then open it with Wireshark for further analysis.
  • Firewall rule numbers in syslog?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    K
    Thanks Hoba, Easy to see in the gui but if I am looking at the syslog and I try to find Rule 53 in the rules.debug, there is no way to easily pinpoint which rule is allowing this to pass through. Thanks, Mark
  • Rules for blocking automatic windows update

    Locked
    11
    0 Votes
    11 Posts
    20k Views
    A
    Okay I think the block has taken effect cuz there is no traffic to the restricted address. @Kapara nice tips I will do that (maybe create a .bat file for that registry tweak) or just disable the automatic update from the GUI
  • Blocking a mac address

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    H
    I think this is a good idea
  • Block internet not working

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S
    Hi, I reinstalled everything and it's working now. Thanks
  • Aliases to DNS names

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P
    http://forum.pfsense.org/index.php/topic,8514.msg50584.html#msg50584
  • Problems with Firewall & SYN_SENT states

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Block internet access - don't work using squid

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A
    thanks
  • Firewall HELP, VOIP won't work!

    Locked
    30
    0 Votes
    30 Posts
    14k Views
    C
    I have succeeded in getting the Linksys PAP2T and SPA942 phones working with Trixbox and Freeswitch from in and out of the office. I also have a Cisco 7940 and have used it successfully in the office. However, I don't count any phone that requires a TFTP server to pick up its config as a really good choice for an out-of-office phone. It's probably possible but more complex because of the TFTP server. If I were to attempt this with the 7940, one method would be to set up a TFTP server and install that inside the external network. Then copy TFTP files to the TFTP server. Next choice is to set up a remote firewall that establishes a VPN and use the main TFTP server. Another choice is to use a phone that doesn't require a TFTP server, like the Linksys SPA942. Perhaps the final choice is to put a bounty for SIPProxyD, OpenSer, or a step-by-step tutorial specifically for external Cisco TFTP Phone. Some people have mentioned in this thread that SIP was designed poorly. I thought the same thing for a period of time. However, the design allows for a SIP session to be set up and maintained at one location (useful for billing purposes), while the RTP (audio) can be moved to another provider, or in other words you can initiate the call and skip the man in the middle. That can mean better audio.
  • EMule HighID but KAD firewalled?

    Locked
    10
    0 Votes
    10 Posts
    12k Views
    A
    @hoba: @ahpaul: All my UDP being blocked!!! Yes, and you should be happy about that because that means the firewall is working!!! Check the ports that get blocked. They don't have to do anything with your portforwards at all. Well, I know it's working fine, but why my eMule KAD still getting blocked?
  • Use PFSense for captive portal only

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    A
    Wifi clients will be behind pfsense. They already got another server for  router + web cache (squid? not so sure), they only need captive portal function for wifi client.
  • Routing Problem OPT1 to LAN

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    H
    Oh god! I tried to leave the gateway blank. If I put a blank in it, pfsense doesn't accept. If I leave it empty, then it works without a gateway (yes, I am a newbie in pfsense). So now have no gateway in OPT1 and now it works! Thank you very much!
  • Aliases to ports

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A
    thanks.
  • Internet goes wired after implemented pfsense

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    A
    YEA! Now they all work after changing the MTU to 1472, not the 1500 by default from my ISP. Cheers and Thanks!  ;D ;D
  • Limiting access to ntop

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    C
    Yes, I am pretty sure about hbci, as I entered the value "3000" into the input field. But your hint with the antilogout worked. Now the second machine cannot access the ntop status page any longer. Would never have found this myself! Many thanks to you!!! kind regards, Marcus
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.