I just submitted a couple of IDS/IPS FAQ answers to address this, since its clearly a FAQ.

Also, if you are using the Squid proxy package, all website accesses are tracked in /var/squid/logs/access.log.  If you use authentication, the username will exist in this log as well.  A GUI log viewer is in the works.  Thanks!

Mike

@charles.regan:

Found the problem. Traffic shaper when enabled was blocking port 21… maybe due to low priority ?

I dont think you need those UDP entries…

Final update, I got it to work by switching to external port 6360, randomly picked off a chart of assigned ports.  If anyone has similar problems, feel free to PM me and I'll help you through it.  Thanks again everyone!

If you have DHCP on WAN you can change your destination IP of that rule to any. Unless you forward the webguiport to anything else you are protected by the NAT ;-)

Did you check the "autocreate firewall rule" at the bottom of the page when creating the portforward? This is importent as it won't pass your WAN interface to be forwarded by that NAT-rule then.

@Marino:

Good, im gonna try it tomorrow.
There is somewhere a docu about the ftp helper ? I looked everywhere, but im still dont now, what the helper is ?!

I like pfsense every day a little more and im sure, that now i spent more than 25h to even play and make tests with this firewall.
But its very sad, there is not a handbook availabe, because e.g. the trafic shaper configurations are so advanced, that u need absolutely a doc/book.

We need people to write it.  pfSense is not even out of the alpha stage yet.

@kikawala:

I tried using the ranges but had to settle with single addresses so I could use the extra IPs properly when NATing.

Yeah, there appears to be a some type of bug with choparp (proxy arp daemon) and FreeBSD 5.X+.  Strange how single ip's work but yet a range doesn't.