• Pftpx for routed firewall applications

    Locked · 0 Votes · 6 Posts · 3k Views

    Thanks for your answer, Vantage.

    Yes, I would be interested in seeing how you manage pftpx start.

  • One DMZ host can be reached through WAN, the other can't

    Locked · 0 Votes · 9 Posts · 3k Views

    Is my config so hideous, you've all turned away?  ;)

  • Skype and IMSpector

    Locked · 0 Votes · 2 Posts · 2k Views

    I don't know, this should work.

    Pass out port 443 proto tcp.

    After you have tried, please let me know.

    I also want to know.

  • How can i block pptp access in lan interface?

    Locked · 0 Votes · 9 Posts · 3k Views

    To jahonix:
    What I mean is adding a rule temporarily: I want to temporarily pass or block some hosts without modifying the configuration file, and have those rules discarded at reboot.

  • Automatic reload checks without reason…?

    Locked · 0 Votes · 1 Post · 1k Views
    No one has replied
  • How to setup rules with 4 lans?

    Locked · 0 Votes · 3 Posts · 2k Views
    jahonix

    @memento:

    allow from LAN subnet -> wan address (…all traffic ... can access the internet...)

    Nope, you only allow traffic TO the WAN interface, not beyond it.

    If you want all traffic but other local subnets then define a subnet alias and make a rule like:

    Proto        Source        Port        Destination        Port        Gateway        Schedule
    X        *          LAN1            *          !SubAlias          *              *

    @memento:

    Also, when adding a rule on the LAN1 interface to block any incoming traffic from LAN2, it did nothing.

    Rules only handle the traffic that enters pfSense on the respective interface.
    To block traffic from Lan2 to Lan1 you have to do so on the Lan2 tab.

    @memento:

    The goal here is to allow each user to set up their own rules on their own subnet without touching another user's subnet rules.
    Is this possible, or do I have to act as the router police and handle all rule changes, etc.?

    This is not m0n0wall, we don't have different users ATM.
    If you allow others access to the webGUI they will be able to change any rule they want. This is not practical.

    Have one person to administer the ruleset in close communication with the other parties.

    Imagine if admin3 doesn't want the other subnets to lurk in his one, then the rules have to be on the other subnets' pages and therefore are not controlled by him. And I wouldn't want him to touch my ruleset to achieve his goal…

    BTW:
    Make sure you have defined different subnet ranges for the LANs and/or OPTs. Routing is not possible otherwise.

  • Basic firewall forward port 80 to 192.168.1.*

    Locked · 0 Votes · 3 Posts · 2k Views

    Thanks that did it.  I am too used to Linksys etc.  Not seeing a port forward tab kind of threw me.  I have to learn that port forward is under the NAT tab and remember that.  I have found it there before but forgot about that location.

  • AT&T Uverse IPTV rules?

    Locked · 0 Votes · 5 Posts · 4k Views

    Even after looking at the Uverseusers board and asking there, I still have not had a definite answer.

    Let me ask you this then, is there any way to combine these 2 interfaces into one logical interface?

  • What log can be enable for passed traffic?

    Locked · 0 Votes · 5 Posts · 2k Views

    Many thanks.  I've taken a look at the transparent bridge setup and briefly messed around with the configuration while I had the "filtered bridge" option enabled.  I'm sure I'll have some follow-up questions later about what rules to apply for inbound traffic, but I appreciate the help.

  • Block Zattoo

    Locked · 0 Votes · 1 Post · 2k Views
    No one has replied
  • How to block specific LAN IP access

    Locked · 0 Votes · 4 Posts · 2k Views

    ssh to pfsense
    choose option 9 (pftop)
    Press F1, press shift-r

  • Multiple public ip mapping to internal servers, but not pingable

    Locked · 0 Votes · 3 Posts · 2k Views

    Hi there,

    I am also in need of help to set up all the static IPs provided by my ISP with pfSense. What I have in mind is to use different IPs to be assigned to the respective servers.

    i.e. WAN (static IP) --> LAN (192.168.1.100)
    or like for WEB SERVER - WAN IP:80 --> LAN IP:80
    or like for FTP SERVER - WAN IP:21 --> LAN IP:21

    Kindly provide us a HowTo on how to set this up correctly.

    Thank you so much in advance.

  • LogMeIn and pfSense

    Locked · 0 Votes · 10 Posts · 6k Views

    Hi there,

    Thank you so much for all your replies, Cry Havok. I really found LogMeIn a very easy way to access my PC at work before I set up pfSense, but what you said about organization policy really got to me, and I realized that it would be best not to allow such 3rd-party services to go in and out of my network. So, I decided to do remote desktop or access through OpenVPN.

    Again, thank you.

  • NFS through pfsense fails but used to work with M0n0wall

    Locked · 0 Votes · 5 Posts · 4k Views

    Found the solution!!!

    After trying the latest version of m0n0wall (I was previously on version 1.1) and it having the same problem, I guessed it must be a kernel/driver thing and changed all my network cards from Realtek to Intel Pro 100/s, and it is now working!

  • Trouble setting up multiple LANs

    Locked · 0 Votes · 1 Post · 2k Views
    No one has replied
  • Global Firewall Rules

    Locked · 0 Votes · 5 Posts · 2k Views

    I can't see how I could do this exactly with aliases. Aliases are just bunches of hosts/networks/ports which can be used in rules.
    I agree that it helps to lower the burden.
    But if a completely new rule (new dest IP/port) must be set up, I have to define (in fact you can copy) this rule on each other interface (using aliases to lower the burden for changes to the rule).
    Or if a new customer/interface is set up, I have to copy all rules over to this new interface.
    I was just wondering if there is a smarter way for such a setup. I can live with the 'alias workaround'.

    Or am I missing something?

  • 0 Votes
    7 Posts
    3k Views

    What's the default timeout value? Is it the one we can set up at each firewall rule?

  • Cannot upload files across internal networks

    Locked · 0 Votes · 7 Posts · 3k Views

    I have my switch configured to use both VLAN 3 tagged and VLAN 1 untagged on the same interface. Can pfSense not handle that?

    Would I have to use both of them as tagged for pfSense?

  • Firewall rules for email (SMTP/S,POP3)

    Locked · 0 Votes · 10 Posts · 18k Views

    pass      TCP/UDP      LAN net        110 (POP3)      WAN address    110 (POP3)      *
    pass      TCP/UDP      LAN net        *    *    110 (POP3)      *

  • Block traffic from and to vonage?

    Locked · 0 Votes · 2 Posts · 2k Views

    Block their networks in firewall rules. It might be hard to determine what all their networks are though.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.