@hoba: This is not doable unless you have 2 public IPs and resolve each hostname to one of the IPs. You then can use a virtual IP for the second host and forward it to a different location. Hi Hoba, thank you for your reply. Yes, I have 4 external IPs. So that makes my live easier. Regards, Alexander

You must have some invalid configuration. Never seen something like this before. Try restarting from scratch and recreate your config step by step and test in between the steps.

Lots of things are similiar at the frontend though the backend handles them different (like different filter mechanisms). That's why some of the options shown when editing a firewallrule are different for example. However the "basic concept" is pretty similiar, at least when talking about basic NAT and firewallrules.

the ngX interfaces are the PPTP tunnels. Each user has it's own interface when connected. Make sure you used protocol "any" in your pptp firewallrule instead of the default "tcp".

Try upgrading to the latest releng snapshot please.

I am working on this right now for HEAD version. I'll keep posted how my progress goes and when it will be available in releng.

I would be grateful if you get some documentation together.  I'm stuck getting the rules right so packets actually get sent through the tunnel.  I would love to start over and try again.

I guess this would be for blocking myspace or something. The only problem is they have ~7 ip addresses. Keep people honest at work huh …  ::)

http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/ New batch is building now.

Hi there, it seems to work now. Thank you very much for your help. BTW: The new web-interface looks gorgeous ;) Cheers, Manuel

Thx Sai, yes indeed about Squid. I am getting into that. I managed already to make a filter and add some IPs to it. Now my next object is to create for every user a filter. I have this in Squid.inc: acl semirestricted_hosts src "/var/squid/acl/semirestricted_hosts.acl" acl semirestrictedlist dstdom_regex -i "/var/squid/acl/semiwhite.acl" Now, should I just add two more lines to create another filter? Thx, David

I've just fixed the file, and added a link to the dynamic view on the filter logging page. In about an hour, grab the latest snapshot and you will see the new option.

Depending on the implementation it might be udp and tcp. I would make the rule use protocol udp+tcp.

Nope, you didn't get the point: 192.168.1.0/24–---LAN/pf1/WAN-----(VPN)-----WAN/pfcolo/LAN----192.168.0.0/24 You block traffic at LAN of pf1 leaving into the ipsectunnel like from pf1 LANsubnet to remote subnets before it goes into the tunnels.

Using 1.0.1-SNAPSHOT-02-02-2007 built on Sat Feb 3 20:14:47 EST 2007 now. The ping issue is gone :). Thanks to hoba for the heads up about it being fixed and to everyone working on the pfSense project.

In case you have to pay for traffic I would frequently check the rrd graphs. It should be an indicator for unusual high traffic. If you see something there it's time to monitor your traffic, either by viewing pftop from the shell or checking diagnostics>states. You should find the sucker pretty quick then.

sorry I meant put my etxernal IP (which everyone connect's to) to my internal IP which is what im hosting the service upon. I seemed to get some issue's that way and I still can't work out how to allow msn but apart from that it seems to do the job well  :) fairly intuitive to use aswell, i'll just play a little more to try and sort this problem with MSN.

@yozh: Oh okie. Thats cool. Is there anyway for me to import my rules now, or do I have to put them in manually ? Manually…