• My Working FTP Setup for FTP and SFTP and FTPES

    Locked
    2
    0 Votes
    2 Posts
    9k Views
    S

    1.  pfSense and FTP Passive ftp using these suggestions you mentioned with NAT and rules
    2.  change the settings of your ftp server to actually use PASSIVE setting (consult your ftp server vendor's manual - in my case G6ftp)

    Thanks to bits and pieces everywhere on these forums, PASSIVE is now working

    NOTE:  From a security standpoint, PASSIVE FTP is more secure (thus better) because you do not have to open up Outbound ports to ALL!

  • Virtual domains in DMZ

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    Wow! User error strikes again, and I feel like a jackass for posting now. :)

    I changed my IP scheme w/ this migration and forgot to change it for the virtual hosts inside httpd.conf.

    …stupid.

    Thanks for all the great work on this project.

  • NAT

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    B

    Have you UNCHECKED the "Disable NAT reflection" option?

    http://hightechsorcery.com/2008/11/nat-reflection-pfsense-firewall

    Cheers,

    Bern

  • Specifying Source in NAT rule

    Locked
    10
    0 Votes
    10 Posts
    3k Views
    dotdash

    I think one problem is that giving users more options gives them more opportunities to screw things up. I can see specifying the source for NAT being useful, but it would be a rarely-used option that only a handful of people would ever need. I would love to see an 'expert' box hidden under several warnings that would allow you to input raw syntax for a rule. It wouldn't have to attempt to display it, just add it to the ruleset. I have had a couple of times when I wanted to do something unsupported by the GUI, like outbound NAT vs an address pool, pointing a fw rule to a custom table, etc.

  • Port forward does not work

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    N

    I use https, so 443..

  • Simulating rv042 behaviour

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    B

    Ah, so you only have the one public IP address?

  • Port Forward-Basic Setup

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    D
    Destination port range: from: (other) 58585 to: (other) 58585

    and

    External port range: from: (other) 6112 to: (other) 6112

    Maybe V
    Destination port range: from: (other) 6112 to: (other) 6112

  • Changing state time outs..

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschli

    advanced --> Firewall Optimization Options --> aggressive

  • External Squid

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    Create a new NAT Rule on the LAN Interface, ext. address any, ext. port 80, nat ip [your squid server], local port: [squid server's port] and you're done.

    greetz

  • 0 Votes
    4 Posts
    3k Views
    E

    Show the output of the routing table on pfSense and give the PPPoE server configuration and the output of the ifconfig command.

  • FTP setup and I don't know what to do?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    D

    With an alias you essentially create a group of hosts and bind them to an easy-to-remember name, say for example "FTP friends", and then add all the IP addresses you want to have access to your FTP. Then when you create your NAT to your ftp, you specify the source as your newly created "FTP friends" alias. So in the future if one of those IP addresses changes, you just have to modify the alias and not the NAT rules, saving a little time.

  • Strange behaviour with NAT, reflection and protocols like ESP

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How to enable port forwarding?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P

    Thanks for the reply.

    I did try moving the listening port to something other than 22 and I also tried ssh -p portnumber user@pfsence.box

    With both of these the session just hangs until it times out. Logging is enabled and, eventually, I did see some errors from the correct inbound address:

    Dec 9 17:04:38 WAN xxx.xx.xxx.xxx:4045 xx.xx.xxx.xx:135 TCP
    Dec 9 17:04:05 WAN xxx.xx.xxx.xx:22 xx.xx.xxx.xx:64909

    The rule that triggered this action is:

    @61 block drop in log quick all label "Default block all just to be sure."

    If I can get my rule above this one, I might be in with a chance but I can't see it in my list.

    I am a bit lost. I am not sure if the issue is the ssh command, the pfsense config or a routing issue.

    What I do know is that the sshd on the internal host is not being contacted.

    :-\

  • Multi LAN - one behind router, other not

    Locked
    23
    0 Votes
    23 Posts
    12k Views
    E

    I found the solution.

    I contacted the VSAT technicians. So, we tried out the topology.

    MTU is the PROBLEM !!!

    So, we have to set the same MTU on the Cisco router and on pfSense, so they can communicate.

    Previous setting: MTU at pfSense 1500, and the Cisco router 512.
    So, I set the MTU at pfSense to 576, and the Cisco router to 576.

    The technicians said it's strange, because on the Cisco router it has already been set up that the Cisco router will negotiate the MTU if it's below it or above it. But when trying to communicate with pfSense, the policy seems not to be working.

    But, well… it's already been solved now. It's not the NAT problem, policy problem, or anything else.
    It's the MTU setting.

    Thanks for all.

    If anyone can tell me how we can negotiate the MTU and communicate with Cisco smoothly, please don't hesitate.

  • (S/D)NAT routed IPs possible?

    Locked
    15
    0 Votes
    15 Posts
    8k Views
    H

    O.K. I solved this. Didn't have to split my C/24 after all! I route it thru but for certain IPs I redirect the traffic with S/DNAT rules to SERV and LAN. This can be achieved with a combination of different netmasks for VIPs.
    So the answer to my top post is YES. :-)

    Thank you all for your help. :-)

  • Cannot load webconfigurator after editing port forward

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A

    Thanks

    I did it last night, it works again

    Problem's solved!  8)

  • PPTP and NAT

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C

    Fixed. I was using a different range in the NAT rules than what the PPTP clients were being assigned. Oops!

  • 1:1 NAT on CARP VIP - Inbound works great, problems with outbound

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    P

    Do you have anything in the firewall log?

    As an addition to this, place a rule above with the server's IP as source and tick log.
    Diagnostics -> Packet Capture can also be helpful.
    Did you try wget to another server?

  • How does PFsense rewrite nat IP's (or port/forwarding/1to1 nat problem)

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    GruensFroeschli

    This is how NAT works.
    What you want is source NAT.

    This came up once and I suggested to enable Advanced outbound NAT, and NAT from the WAN to the LAN.
    However, I never got feedback if that worked.
    (It was just an idea, I never actually tried that.)

  • Port forward Not doing anything.

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    D

    Have tried HTTP(S), triple-checked the gateway and it is correct; host gateway is going to firewall.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.