I know some of us use pfSense here and I’ve only used it for single-IP functions and for auto-sensing internet paths if a site doesn’t have a static address at the time of programming. I’m moving away from single server design on my ESXi box to dedicated guests for each service but I cannot seem to get those dedicated services through the firewall. I have a 29bit subnet (IPs 1 through 5). Everything is internal to the ESXi (5.1) server. .1 = pfSense Firewall .2 = OPT1 interface on pfSense .3 = Customer VM (will port over to OPT2 after this works) .4 = All-in-one hosted VM .5 = Same All-in-one hosted VM I am going to eliminate .4 and .5 as I pull specific services out and into VMs (I’ve already moved the basic part of the FTP, the entire SQL server and LDAP to internal systems). But whenever I set up NAT rules on .2 it seems to be using .1’s stuff. I will have the following pushed through: FTP WWW (one primary, each subserver has functioning Apache for their services) IMAP SSL/SMTP SSH (via pushed ports to each server) Any thoughts would be helpful. The biggest thing I need to get running now is the FTP part - I cannot get it to push through nor will it register on the firewall log that it’s being blocked. — Ryan