This is the same problem like here: http://forum.pfsense.org/index.php?topic=293.0
You have to use advanced outbound nat to create additional nat mappings for the internal networks pfsense doesn't see directly (in the webgui at Firewall>NAT, outbound tab).

Also make sure you have all routes setup accordingly.

Don't worry, my NIC can't support 802.1q ;-)

delete this

Thank you

Merry Christmas ;-)

Use the virtual ip option and setup the ips as CARP or PARP.

Although inputting 8 class c's is not going to be fun!

Be carefule with update_file.sh … It pulls from CVS HEAD and not RELENG_1.

Speaking of which, it's time to fix this problem.

LOL … nope!  ;)  Guess I should go back to my roots of just trying to click on everything!

Thanks again...

-- Phob

Determined that the problem was due to a software firewall glitch on the workstation, not the fault of pfSense.

Thanks!

– Phob

Ok, read that too quick. you are right. TTL is not configurable.

@charles.regan:

PFSENSE thinks both network are on the same subnet, but they are not!!!

Sure they are! 149.217.134.0/24 includes 149.217.134.184/29. There is no router in the whole wide world that can handle this  ;)

Nice :-)

would be an interesting idea…

keep on to the release state !!!

I just submitted a couple of IDS/IPS FAQ answers to address this, since its clearly a FAQ.

Also, if you are using the Squid proxy package, all website accesses are tracked in /var/squid/logs/access.log.  If you use authentication, the username will exist in this log as well.  A GUI log viewer is in the works.  Thanks!

Mike

@charles.regan:

Found the problem. Traffic shaper when enabled was blocking port 21… maybe due to low priority ?

I dont think you need those UDP entries…

Final update, I got it to work by switching to external port 6360, randomly picked off a chart of assigned ports.  If anyone has similar problems, feel free to PM me and I'll help you through it.  Thanks again everyone!

If you have DHCP on WAN you can change your destination IP of that rule to any. Unless you forward the webguiport to anything else you are protected by the NAT ;-)

Did you check the "autocreate firewall rule" at the bottom of the page when creating the portforward? This is importent as it won't pass your WAN interface to be forwarded by that NAT-rule then.

@Marino:

Good, im gonna try it tomorrow.
There is somewhere a docu about the ftp helper ? I looked everywhere, but im still dont now, what the helper is ?!

I like pfsense every day a little more and im sure, that now i spent more than 25h to even play and make tests with this firewall.
But its very sad, there is not a handbook availabe, because e.g. the trafic shaper configurations are so advanced, that u need absolutely a doc/book.

We need people to write it.  pfSense is not even out of the alpha stage yet.

@kikawala:

I tried using the ranges but had to settle with single addresses so I could use the extra IPs properly when NATing.

Yeah, there appears to be a some type of bug with choparp (proxy arp daemon) and FreeBSD 5.X+.  Strange how single ip's work but yet a range doesn't.