Reloaded from scratch on my home machine and STILL could not access it from the office. (the other tests were between two offices) Turns out my residential ISP was blocking the custom port.  Lovely. Well, after a change to another custom port, all is well. Thanks for the help, everyone!

I having this same problem will try what you recommended.

unfortunately not. You would need a pfrules to config.xml converter as everything is generated on change/bootup from the config.xml.

At status>systemlogs, settings disable the default logging. Then add a block rule/block rules at WAN with a logging flag that only log the desired traffic.

normal PPPOE is used between the waninterface and a utp adsl modem for wat you want you need a lan interface and a wan interface and enable pppoe on the wan interface you can't do this with only 1 network card

I think you should be able to trigger that by adding advanced options to the ftp forward at wan to 127.0.0.1 (the rule the helper created automatically for you when creating the portforward).

You only will see the +icon if there is an unassigned interface. You need a 3rd nic for the scenario from the tutorial. If simple portforwards work for you you should just use it.

anything should i do at firewall side?

at interfaes/wan turn on Block bogon networks When set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA. Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.

It's open from LAN by default and blocked on any other interface like WAN, OPT1,… If you want to simply open it up to the firewall at WAN for example create a rule at firewall>rules,WAN. If you want to forward it to an host on one of your internal subnets create a portforward at firewall>nat, portforward and let the firewall rule be autocreated (the box for this is enabled by default).

I know just a bit about layer-7 shaping abilities, and for know pfsense layer-4 scheme is working for me; but I'm sure that layer-7 in pfsense would bring the firewall into a new land where the most modern p2p programs change their ports to scape trafic shaping or the most commons firewalls that block well known p2p ports… But as I said, pfSense scheme is doing the job for me now, it saves more than 30% of my bandwitch that are being used by p2p programs in users boxes... it's amazing!

Already fixed in cvs.  Thanks.

Your changes will get overwritten each time.  Seriously, you really need to use something else if you want to have custom pf rules.  Sorry!

Ok, sad to hear it but I have to live with it. Cheers

lowcypl, your config seems to be okay. But beside that it is kinda hard to understand … what you were trying to accomplish regarding your setup? what is/was your issue (i.e. what does not work)? Regards Daniel S. Haischt

1.0-RC3 is now out, you really should update.

Show a screen shot of your custom rules and then run cat /tmp/rules.debug | grep USER from a shell/command prompt.

sorry i didn't get round to answer yesterday. I changed the setup after having these annoying problems with the bridge i was in a hurry had a customer waiting for the firewall. When i have some time i will do some testing with the bridge setup and post my results.