• FTP connection error via filezilla

    6
    0 Votes
    6 Posts
    560 Views
    johnpoz

    @twg

    Where are you trying to ftp from?? Where is the client?

    So this server is on say 192.168.0.100 behind pfsense.. And you out on the internet want to ftp to it..

    So you forwarded 21 to your ProFTPD Server (ProFTPD) [192.168.0.122] on pfsense.. Did you forward the passive ports? You setup in proftpd to use?

    Did you setup proftpd to send your correct public IP?

    I connected to the IP you use to connect to the forums so I could see if ftp even answered.

    For passive to work, you also have to forward the ports the server will use for its passive ports.. I can not get logged in to see what it sends. If you PM me an account that would work I could see what it's sending for the port, or try active where it would connect to my client.

    Is your server a plesk?

    https://www.plesk.com/kb/support/how-to-configure-the-passive-ports-range-for-proftpd-on-a-plesk-server-behind-a-firewall/

    It defaults to a really large passive range 49152-65535 , I would for sure change that to something more like 100 ports or even just 10 if you don't have lots of clients at the same time.. Then you need to forward those ports on pfsense to I assume 192.168.0.122, without the passive ports being forwarded then no the data channel will never work when the client uses passive mode. Even if you told the client to use the IP you connected to when the server sends rfc1918 IP.

  • Unable to NAT an external ip to a gateway on another network

    11
    0 Votes
    11 Posts
    1k Views
    V

    @VincentEmmanuel
    The outbound NAT should not be required here. All traffic will be controlled by routes if pfSense is the default gateway in both networks.

    With the static route, when the DMZ server sends a packet to 172.16.1.3, it is routed to pfSense, since that's the default gateway. pfSense forwards it to the CATO due to the static route and the CATO forwards it to the destination host, since it knows the route to it (however, your graphic is missing 172.16.1.3, so I don't know how this is set up).

    Presupposed the CATO is the default gateway on 172.16.1.3, the response packet will be routed to it, and there it is forwarded to pfSense, since this is the default gateway on the CATO, as you said. pfSense has an existing state for the packet and will forward it to the DMZ server.

  • Redirecting outcoming traffic

    29
    0 Votes
    29 Posts
    995 Views
    johnpoz

    @pedreter it is routed through pfsense is it not?

    If I look up in the internet routing.. for the IP on this server it ends up on the pfsense wan IP does it not? If the network is routed at the isp and you bridge this network to the servers.. I do not think the redirection via a port forward would work..

  • Trying to access Admin GUI via Tailscale

    1
    0 Votes
    1 Posts
    148 Views
    No one has replied
  • Utilizing single tunnel to be routed to different gateway

    10
    0 Votes
    10 Posts
    604 Views
    V

    @depam said in Utilizing single tunnel to be routed to different gateway:

    Anyway, the latency between Site B and C is quite high, hence I want to route it via Site A, which is faster since it's already hosted in AWS cloud.

    I don't get it. If there is high latency from B to C I'd assume, it's either on the B's upstream connection or on C's. So if you go from C > A > B > internet, I'd expect that you have at least the same high latency, since the problematic path is inevitably part of this new path.

    Preferably, go to Site A but can have the slower connection as backup via Gateway Group. I have tunnels across all sites A, B and C configured with /30 (Peer to Peer TLS) approach similar to the deprecated Shared key. In addition, Site B has an openvpn client connecting to an external site.

    The problem you're facing with this is, if you set the routes in the VPN connections with the "Remote Networks" and both VPNs are connected (A <=> B / A <=> C and B <=> C) you would have two routes between B and C. I don't know which one is taken in this case. I guess the one which is established last, but I'm not sure.
    So I cannot say that this will work as intended.

    However, it should work if you disable B <=> C though.

    How did you configure the gateway groups?

  • Port Forward from OpenVPN to IPSEC

    3
    0 Votes
    3 Posts
    302 Views
    S

    @viragomann That Worked!

    Thanks a lot ✌

  • split dns problem

    2
    0 Votes
    2 Posts
    221 Views
    No one has replied
  • UPNP Security - Xbox One

    8
    0 Votes
    8 Posts
    4k Views
    JonathanLee

    Also make sure you are not blocking multicast traffic; if you are, UPNP will not work.

  • How to create static routing in Mikrotik for PfSense server?

    4
    0 Votes
    4 Posts
    539 Views
    R

    @viragomann Thanks, I'll check the link.

  • Port Forwarding

    5
    0 Votes
    5 Posts
    568 Views
    MarkCabrera

    @johnpoz
    I already enabled the non-local gateway; still the gateway is offline, 100% packet loss.

  • NAT Redirect for DNS

    1
    0 Votes
    1 Posts
    149 Views
    No one has replied
  • Port Forwarding From Port to Different Port, i.e. port 8087 to port 80

    11
    0 Votes
    11 Posts
    1k Views
    J

    @johnpoz

    Yep!

    I've got a headache!! But I am understanding a LOT more.

    Again, thank-you!! You sir are awesome!

    John

  • OpenVPN connectivity problems

    4
    0 Votes
    4 Posts
    324 Views
    V

    @asiawatcher
    Just obey my suggestions and it should work.

  • OpenVPN & dedicated static ip

    9
    0 Votes
    9 Posts
    515 Views
    A

    @kiokoman Sorry, outbound rules are for all the LAN, yes, so the NAS itself also.

  • Accessing Plex Via the App

    2
    0 Votes
    2 Posts
    179 Views
    L

    This fixed my issue, for anyone else finding their way to this same issue:
    https://www.reddit.com/r/PleX/comments/77b151/can_access_server_via_browser_but_not_apps/

  • NATed response exits wrong WAN interface

    7
    0 Votes
    7 Posts
    504 Views
    V

    @AkkerKid-0
    pfSense applies only one single filter rule on incoming packets. But there is a strict order and the first which matches gets applied.
    See Rule Processing Order for details.

  • Issue nat always need to reboot

    12
    0 Votes
    12 Posts
    1k Views
    K

    Hi @johnpoz, so I ended up rebooting and it started to work. Very odd, can't seem to find out the issue.

  • Routing NAT out WAN, but using DMZ address

    2
    0 Votes
    2 Posts
    303 Views
    D

    @dmayle Self-replying here.

    It looks like I should be using a VIP (Virtual IP Address) of type "Other":

    Other type VIPs define additional IP addresses for use when ARP replies for the IP address are not required. The only function of adding an Other type VIP is making that address available in the NAT configuration drop-down selectors. This is convenient when the firewall has a public IP block routed to its WAN IP address, IP Alias, or a CARP VIP.

  • NAT Reflection Auto Outbound NAT

    6
    0 Votes
    6 Posts
    904 Views
    planedrop

    @SteveITS Correct, but this is in relation to NAT reflection, so the IP is being accessed externally.

    I just didn't understand this setting until now. All it's doing is NATing the source IP to the router's IP on that interface. This way, if the client tries to connect to the web server's public IP, but the web server is on the same subnet as the client, the web server itself sees the connection coming from the router's default gateway IP, so it responds back to the router instead of trying to direct connect to the client (since they're on the same layer 2), so that the NAT reflection can NAT things back like it should.

    I was trying to figure out why NOT having this setting enabled under Advanced > Firewall & NAT was still working, but that was simply because the NATing of the source was not necessary since the web server is on its own subnet, so the web server is going to reply to the default gateway on its subnet regardless.

    As for split DNS that is exactly what I would normally do, but this is a bit more complex of an environment, but NAT reflection works perfectly in the meantime, I was just trying to be sure I fully understood the settings I was looking at.

    All makes sense now though! Appreciate the replies here.

  • SOLVED - NAT 1:1 between VLANs over a Virtual IP

    8
    0 Votes
    8 Posts
    3k Views
    C

    Hi Derelict!
    I am in the exact same situation as NekoSema and tried to solve it the same way, before stumbling upon this thread.
    I already did what you said, except for:

    "X.X.28.3 needs to know to route traffic for X.X.96.0/24 back to pfSense. (Guessing on the subnet since it was unspecified.)"

    I don't know how to accomplish that. I thought it might be a static route, but I don't know how to define it.
    I know this thread is old, but it is the exact description of the situation that I am facing.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.