In case this helps anyone - I did not have any issues going from ProxyARP to Carp type of virtual IPs.

But when I switched back (because I never could get the FTP helper to work), the Cisco router did NOT pick up on the new MAC address, and traffic wasn't being routed properly.  I had to call my ISP and have them clear their ARP cache for that particular IP.

Ok, here's how I got around these problems, hopefully this is useful to others who are having problems with FTP.

For my windows servers, I'm installing FileZilla FTP server, and dumping IIS.   FileZilla is easy to configure a port range (vs registry hacks for IIS), and easy to configure it to use whatever IP address you want when announcing its external IP address (IIS can't even do this).   Additionally, it has a setting for NOT using this external IP when talking to internal clients!  So internal FTP still works.

For linux, I just added these options to my vsftpd.conf file.  Most other linux FTP servers will have something similar.
pasv_address=<my_external_ip></my_external_ip>
pasv_min_port=<my_beginning_port_range></my_beginning_port_range>
pasv_max_port=<my_ending_port_range></my_ending_port_range>

Then I opened that port range on the firewall for hosts that need FTP.

Still, I am hoping the FTP stuff is working better in the next release of pfSense, then we may be able to move our other public subnet over from the Cisco box to a pfSense box.

Setup VIPs for your additional IPs, add 1:1 NAT for the servers.

@Cry:

Well, that'll cause you problems (as has been said in many other posts don't do that).

It should be:

Modem –- WAN - pfSense - LAN --- Switch ---> server, desktop

yeah thats how it is now and it works good, i had to set the modem to PPPoE and do the same for pfsense.

Edit:
I see what I did wrong.

http://devwiki.pfsense.org/FTPTroubleShooting
keyword for a search: passiv +ftp

Last but not least. Why not switch to SFTP.
The why
The how

I have fixed the issue.  In case anyone else is ever curious about setting up my solution you also need to add firewall rules to permit traffic from your other networks to pass through.  Thanks for everyone's suggestions on this!

-Mark


Here is what ports I open for asterisk and mine works flawlessly.

UDP -> 5060-5082 -> SIP
UDP -> 10000-20000-> RTP
UDP -> 4569 -> IAX2

rsync through NAT shouldn't be an issue. This should help. http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

The pfSense download mirrors rsync to a server behind pfSense NAT.

Not with host headers. Might be something you can do via policy routing using other specifics.

I have fixed this problem by setting all the networks to a /24, and adding the destination network to the pfsense1 rules. All is working well now. My Wireless setup is located here http://forum.pfsense.org/index.php/topic,10077.0.html

yes but on port 441

Thanks for your response
cconk01

I think there are a few threads about the long wait for CARP interfaces during bootup.
As far as i know the problem is solved for the next version.

Hmmm. I've never experienced that i had to reboot to get CARP IP's working.
Are you sure you've waited long enough?
A reload can, depending on your setup, take quite a while.

There is a note at the bottom of the screen when you add a VIP.
Note:
ProxyARP type IP addresses DO NOT work with the FTP Helper and addon packages such as squid. Use a CARP type address in this case.

hi,
im testing Current version: 1.2.1-TESTING-SNAPSHOT.
problem still persists. i will stay tuned ….

ozett

Having trouble visualizing what the firewalls should look like to allow the server to be dmz out the wan. I have taken your advise an changed the /8 to be a /24 like the rest of the network. (See last diagram) I am very excited about this GruensFroeschli  you rock.

just need to access my home desktop http web and https for my wireless access point.