Havok,

although VPN is a good idea, but i prefer to tunnel thru ssh…  ;)

anyway, i got it... i just have to uncheck the NAT reflection on the Advanced tab... provided with the right NAT rules and port forwarding, i finally had it working...

thanx for all your reply and suggestions :)

allison

aha, okej, thnx anyway, i fixt it by restarting the whole system.

is your wlan interface bridged to lan and lan has no link?

thanks, it helped.
it was my mistake.

external interface has to be the interface IP. "any" is for rather special needs and should not be used usually. I'm out of clues  ::)

Unfortunately, I have issues running squid in transparent mode (have a post in the packages forum about it) so for now that is not working for me :(

Active mode should work if the ftphelper is enabled at interfaces>lan (if your client is behind lan). However as ftp is such a dump protocol I wouldn't expect active mode to work in a lot of locations anyway. Read up on wikipedia like gruensfroeschli suggested if you want to know why this protocol has so much issues with nat and firewalls.

@fs1:

Is there a way I can allow only certain email domains inbound before I forward email to the mail server?
Thanks

no, you can only block on ip address using pfsense

Thanks again, it works perfectly!!! You guys are geniuses!

My game server is running fine, replacing pfsense with a basic router that have 4 LAN ports readily solves the problem. But if under pfsense, problem exists.
But i still want to use pfsense because i want to filter some WAN IP's trying to connect to my server without my authorization. Such features is not present in many commercial routers available.
Any other suggestions please, to resolve my problem? Do you know of any routers that can block specific public IP adresses from connecting to a game server. Thank you very much.

that worked great!  Thanks for the help.

Well the message basically just tells you that traffic which should not be there has been blocked :)
Nothing serious.
Just ignore it ^^"

But having multiple subnets on the same physical layer is just really bad practice and only leads to problems.

You're right, not emailed. Just being able to log the port scans somewhere in order view them when time permits. Web interface would be great although not necessary.

We are using SKI (shared key).  Yes, we have the check box  - Dynamic IP (Assume dynamic…)  checked.

you dont need to block/unblock a whole subnet just use a bitmask of say 26 to use first 64 of a net
or just use a combo of bitmask and alias

Where is the static box that i needs to get check in the AON?

i am looking to get the damn SIP shit to work and i will i almost had it working.

Thanks Hoba.
That did the trick !!!
Greatly appreciated the help