http://wiki.pfsense.com/wikka.php?wakka=FTPTroubleShooting

@hex2bin:

did you plug in WAN and LAN into the same physical network?

Jepp, the firewall just acts as a webfilter, so it is no security problem.

But it is a networking problem - your firewall can't have two interfaces on the same subnet, and it's never good to have both on the same broadcast domain.

What do you mean by web filter? What are you wanting to accomplish?

Yes.  Basically how IP works.

I musta been delirious from being out in the sun all muddied up yesterday or something because I just now tried this at our office and it's working fine.  I didn't change my setup  ???

Oh well, it works so I'm not gonna complain.  :P

Good to hear  :D

the error with  oracle listener nat, by default port 1521, was that i push the rules at the end, so, change , and push the firewall rules at top of list, and found OK.

pd: sory by my english boys.

sorry guys for asking that silly question I didn't really think through what I was doing. It is all sorted. Memory block  ???

sullrich, yeaaaa, thanks sr. just in the target *

more status on this issue as of today it is no longer working and this is with the other rule in place.

Here are the logs

Apr 23 18:04:39 pf: 10. 726712 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48
Apr 23 18:00:32 pf: 156. 377540 rule 38/0(match): pass in on xl0: 192.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:56 pf: 23. 546766 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 192.43.244.18.123: NTPv3, symmetric active, length 48
Apr 23 17:57:32 pf: 86. 472199 rule 38/0(match): pass in on xl0: 192.X.X.X.123 > 207.46.130.100.123: NTPv3, symmetric active, length 48

Windows reporting time period exspired

Here are the rules

UDP  *  *  *  123 (NTP)  *  NTP Rule

Update

Removed the first rule and it looks to have returned again. I think I may have found something not 100% sure but it does fail on the first appemt but does complete on the second third and forth attempt.

Ok…

Disregard. I figured it out. The problem had was a bad route.

Yep!  Thats it!  I didn't realize (and i should have, im an idiot) that their is the implicit deny all.  A simple permit all allowed traffic to flow.

Thanks for helping a n00b out!

Aliases work for every input field with red background.

pfSense operates on the packet incoming to an interface which creates a state.

So think of it as incoming to a interface initially (SYN).

"other" won't generate any layer2 messages. This can be useful if the IPs are routed to you anyway. If you need to answer with ARP for your VIPs you have to use ProxyARP or CARP.

This does not make any sense.

Are you on the latest snapshot?    If so please remove all ftp port forwards and firewall rules for 21 and readd.

Then do this from the console or ssh:

ps awwux | grep pftpx

I would like to understand why this work for you when clearly it should not (port 20).

Btw, portforwards work with natreflection, 1:1 nat not, only in case you need that feature.

Try a recent snapshot, FTP should work out of the box now. seems to fix all the problems people were having.
http://snapshots.pfsense.com/FreeBSD6/RELENG_1/

As hoba said, 1:1 NAT is not a security issue unless you want to make it one. If you have as many IP's as internal servers, it's usually preferable to use 1:1 NAT over port forwarding.

Firewall -> NAT -> Port Forward