Hmmm you're probably right, I'm connected at WRT45G place now, Ok will reset the linksys now…

It's just by design that we only filter incoming. There have been lots of discussions about changing that. Search the mailinglists for this discussions. If you are only interested in the result of the discussion: We (pfSense devteam) don't want to change that.

@ipfftw: Id imagine its similar. No, not in the case of what your asking for, sorry.

Cool, you were right on this one. I checked from home and it was ok. I was checking from my secondary location… but I use pfsense there also. Thanks for the reminder.

Btw, on FreeBSD it is possible to force mountd (rpc.mountd in your case) to bind to a specific port instead of dynamically choosing a port. That way it's possible to create a filter rule for mountd by using that particular port. Regards Daniel S. Haischt

Ok I know this is a late response but I figured out why the CIDR masks werent working.  It was because the users werent giving me the correct ranges or subnet masks so I was using the wrong CIDR masks.  I just tested it with our range and it works great.  I'll be moving us to pfsense in the next few weeks as a permanent solution.

For the first part of your question: You need portforwards too as you have a NAT setup (I guess you have, not sure about that as you don't mention turning off advanced outbound nat). For the second part: pfSense utilizes an ftp proxy to handle ftp connections and nat. For your setup it might be better to turn it off (interfaces, lan, fthelper checkbox). By turning it off you will only be able to use passive ftp from lan to a server at wan. However you then can more easily write firewallrules for ftp.

@sullrich: Change the IP address on WAN or LAN.  You cannot use the same IP address on multiple interfaces. I can confirm that this works with a filtered bridge. When you use 2 different ip's in the same subnet, they both work from the inside and the outside.

Hoba, thanks a lot for your reply. I've now arrived at home again, so I will make a test-setup tomorrow and post here again. For some reason, pfSense hates me :-( Just to update you what I already did: First I tried it on a HP DL 380 G2 with two 64-bit Intel 2-Port GBit NICs, then I bought a new HP Blade BL20p G3 with 3 onboard GBit NICs. With both servers pfSense lost packets. Now I have created a VM for testing purposes and installed pfSense into the VM on the DL 380 G2. I hoped to fix the hardware/driver Problems of FreeBSD and my HP/Intel-HW with that virtualization trick. But now I cannot get access to the OPT1 interface (that the thread here). Well tomorrow I will install a test-server for the OPT1-Interface and then I hope that I can solve this for once and for all together with your help ;-) I'll try to make the SSH-Access to the pfSense work so that you can have a look directly at it and don't have to rely on my answers here ;-) Hoba I wish you a pleasent evening! Best regards, Chris

Create firewallrules at firewall>rules, new_interface_tab. You can setup DHCP server for this interface at services>dhcp server, new_interface_tab.

Firewall>NAT ,portforward tab. Hit the +button and set it up the way you want it. Make sure to keep the "autocreate firewallrule" option at the bottom checked. Save and Apply.

UPNP is now a package on pfSense.  I am updating this thread because it seems to appear in searches. Search for more active upnp threads, they are around.

hoba, It's the main IP I did the 1:1 nat for. sai, thx, that worked! Thanks, for the help guys!

When I use the "bridge" option, I can't subnet some of the WAN - I would like to know if I can have 2 dmz zones with a subnet of the WAN - with transparent IPs But it don't looks possible. Thanks PS. (not much response to my thread)

Thanks, MArk

It is not a bug, it is how FreeBSD works.

Thank You