• Time schedules + load balancing = syntax errors

    Locked
    11
    0 Votes
    11 Posts
    4k Views
    B

    Well, if anyone is interested in how I'm using all of this (my setup)

    i got 3 x WAN
    and 2 x failover and 1 x load balance

    1st wan = ADSL 512kbps/256kbps uncapped (very little bandwidth supply in South Africa) = fixed cost = provided by 'Internet Solutions'
    2nd wan = 802.11a/g 4mbps (at its best of times, but atm it's just a tiny bit faster than the above-mentioned ADSL) = 7gb then after that cost per mb = wireless linked back to local 'Internet Solutions' branch
    3rd wan = 1mbps = link to neighbouring company hosting our web servers = cost per mb = from neighboring company laser link back to local 'Internet Solutions' branch

    1st failover = 1st to 2nd to 3rd
    2nd failover = 2nd to 1st to 3rd
    balance = 1st and 2nd and 3rd

    now normally I have a select few take the 2nd failover option (faster)
    else everyone takes 1st failover (cheaper)
    never really use the balance

    now surely it would be a good idea to put a schedule on all rules so that at night everyone can only go out the fixed cost ADSL, in case people run downloads at night and run our cost per mb bills up

    I haven't had any problems with the failover feature  :) very nice to have

  • Flags and options

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Schedules not synced in a carp-cluster

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Setting subnets

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    if you get the IP per DHCP you have to contact the person who's administering your DHCP.

    if you have it static. just configure it in the WAN tab.
    248 is /29

  • HELP ROUTE/NAT

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J

    THANKS FOR HELP ME.

    ALL IS OK NOW.

    BYE!

  • FTP Problems in Routing Mode with public IPs

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    Update:

    There seems to be a problem with the FTP Helper which is currently being investigated…
    In the meantime I have forwarded the passive FTP-Ports manually ;-)

    Thanks a lot, Hoba!  :)

  • Alternate for "synproxy state" ?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Teamspeak server

    Locked
    8
    0 Votes
    8 Posts
    5k Views
    H

    @redpanther:

    @sdale:

    Most likely your problem was the firewall rule reload bug, where firewall rules were not being reloaded properly until after a reboot.

    Do I have to reboot every time I make a rule?

    No, this was a bug only present in a special version but it has long been fixed. In fact you only have to reboot when restoring a complete config.xml. All other changes are applied on the fly.

  • Weird weird problem

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    Try this.

    1. Update to a recent snapshot? ( http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ ) Still having issues, go to #2
    2. System -> Advanced -> Disable Firewall Scrub, enable this option.  Work now?

  • Port forwarding through on a dual wan.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    O

    Ok, that worked.
    I had forgotten to put the NAT rule in, just created the firewall rules myself. ;D

    WAN  TCP  19040  192.168.0.1 (ext.: 192.168.1.8) 19040

    That made it work and added the appropriate firewall rules too.
    Thanks heaps for that. ;)

  • Webgui from WAN side. Did I do it right?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H

    This works but is more than is needed. HTTPS is always a good idea. However, you don't need the NAT rule. Just make the webgui listen on one non-default port at system>general. Then create a rule at firewall>rules, wan: Pass, protocol tcp, source any, destination wan address, port <webguiport>, gateway default.

    If you want to access your LAN clients from remote safely you should set up a VPN. There are different options. Which one is suitable for you depends mainly on your client and on the restrictions/capabilities of the remote end that you are behind.

  • IPSec Passthrough not working

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    C

    Allowing AH, ESP, and UDP 42000 outbound from the LAN subnet did the trick. Thanks for the help.  :D

  • Some questions about rules.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H

    In general it works like this:

    traffic is checked on incoming connections at an interface
    if the connection is allowed it will create a state to allow the reverse connection as well
    first rule wins (top down)

  • LAN-side subnets?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H

    Create a subnets alias at firewall>aliases like "localsubs". Add all your local subnets there. Then edit the default lan to any rule at firewall>rules, lan tab. Change source LAN-subnet to "single host or alias" and "localsubs". Now you have a single rule that will allow all your internal subnets out. If you need to block single IPs or ports or destinations add a block rule on top of this rule. First match wins. You also can use aliases here for a group of hosts or ports to sum up multiple rules in one rule.

  • Sending max connection offenders to custom table

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    No, it is not possible unfortunately.

  • TCP Established Rule

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    O

    @sullrich:

    Create a firewall rule in Firewall -> Rules.  However we only control the initial state since pfSense is a stateful firewall (PF).

    Thanks for not beating the heck out of me with a clue bat.  :D

  • Schedule - Time rules

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    S

    @mentalhemroids:

    :)  Ahhh… okay, so it's not some sort of parental control option for only allowing certain machines full access while limiting others.  That brings up an idea; does pfSense have a grouping option to associate firewall rules to a group of computers instead of setting up rules for separate machines?  Then you can manage your permissions by rule instead of making a rule for each machine.  I think that might be useful, but I'm guessing someone has already asked that question, and there is probably an option like that available already.
    This all probably sounds dumb; I'm a little tired and may not be thinking all that clearly.  I even went through all the firewall settings looking for something similar; is there anything?

    Thanks for answering my first question.  That does make sense to have; it was a good idea.

    Aliases work as they do with firewall rules and nat rules.

  • Icmp blocking to lan interface

    Locked
    13
    0 Votes
    13 Posts
    4k Views
    H

    Yes of course, excuse me!

  • Alias for ip range…

    Locked
    8
    0 Votes
    8 Posts
    5k Views
    S

    That's kinda spiffy.  Would be nice if we had a CIDR lookup tool based on this type of thing.

    mastrboy: you mean multiple aliases, not rules, eh?  because you just plug all of these into an alias and then reference the alias inside your firewall rule (1 rule required, 1 alias with multiple entries).

  • WiFiOPT1 interface cant reach internet

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    S

    Yes that probably had something to do with it.  In the configuration I had in the past bridged some interfaces.  It is possible that I did not unbridge them.  Who knows I thought that I did?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.