• Read PFsense Configuration Data

    0 Votes
    7 Posts
    899 Views
    stephenw10

    So FTP servers behind the firewall that cannot be configured to pass an external IP or use a custom data port range?

    Apart from the already mentioned issues can you not persuade customers to at least use a half decent FTP server? 😖

    Steve

  • NAT - Port Forwarding

    0 Votes
    15 Posts
    2k Views
    J

    Thanks, John!

  • WAN speed drops significantly when downloading large 10+ GB files!?

    0 Votes
    1 Posts
    377 Views
    No one has replied
  • How to make autostart of add-on services?

    Locked
    0 Votes
    3 Posts
    4k Views
    jimp

    Obligatory warning:

    FTP and Samba have no place on a firewall

    Remove those immediately and set up an isolated server for those tasks if you need them on your network.

  • Semi random connection drops (cable modem)

    0 Votes
    3 Posts
    476 Views
    JKnott

    @jakemendonza

    When a modem is in bridge mode, it doesn't have a public ID, though the ISP may have an internal address used for management. You would likely be seeing the address assigned to the firewall/router.

  • Recurring Firewall rule for LetsEncrypt

    0 Votes
    14 Posts
    3k Views
    M

    hmm

    What about haproxy in combination with the standalone HTTP server method?
    This is how I do it for all my hosts.
    Acme starts an HTTP server on localhost, and on haproxy I have a backend on that same IP and port 80.
    Then again on haproxy there is an ACL for paths starting with /.well-known/acme-challenge, and it gets redirected to the backend, which is actually the acme standalone server :)

  • 1: NAT done but SSH not accessible

    0 Votes
    21 Posts
    2k Views
    johnpoz

    First thing I would do is set up your vip.. And then validate you're seeing traffic to the vip before doing anything with any rules or 1:1 nat.. Since it's not possible for pfsense to do anything with said traffic until it actually gets to pfsense wan.

    Maybe you have something between where you're trying and pfsense wan that blocks 22 (ssh).

    Once you have traffic getting to pfsense on the port you want, then you can forward it to what you need, be it with normal port forward or 1:1.

  • Careless delete existing user under System / User Manager / Users

    0 Votes
    3 Posts
    445 Views
    Derelict

    You can recover the automatic backup from right before you made those changes if available.

    Take a look at Diagnostics > Backup & Restore, Config History

  • pfSense cannot get WAN IP address

    0 Votes
    8 Posts
    1k Views
    Derelict

    Doubtful that was actually necessary. But if that's what you have done, that's where you are now.

  • MultiWAN (VPN) certain websites won't work.

    0 Votes
    3 Posts
    363 Views
    F

    Hello johnpoz,

    thanks for your quick reply.
    You're right, I made a few additional adjustments after I followed the guide mentioned above to fit the setup I need.
    To do this I indeed set up the two Google DNS servers (under System -> General setup) which I associated with my regular DHCP_WAN as a gateway. Additionally I created two further DNS entries (the DNS servers of NordVPN) and selected the DHCP_VPN (client) interface as the gateway this time.
    After this I switched to the firewall rules and adjusted every ruleset that's related to "non local" traffic so that LAN and WIFI traffic have the VPN interface set as its gateway and my rules for VLAN100 have the WAN interface as the gateway.
    Outbound NAT is still going over WAN for my VLAN100 subnet as well of course.

    I am aware that big streamers like netflix and amazon are trying to make it difficult for you to use VPNs and such, but what leads me to believe that this might not be the problem here is that if I put my VLAN100 traffic through the VPN I can access amazon and netflix without any trouble.
    If I use my WAN as the gateway for my VLAN100 rules, several "thatsmyip" websites indicate that there, everything is working just as if I wouldn't use any VPN at all, yet I can't figure out why I run into those problems.

  • PFsense as VM

    0 Votes
    6 Posts
    767 Views
    S

    I got it sorted out... the cable I was using was not good even though it was a cat6, so now it works.
    PS: a router can be a modem when it has built-in modem capabilities, like Spectrum's
    cheers and thanks

  • Can't access the firewall using WAN IP address in remote location

    0 Votes
    4 Posts
    760 Views
    johnpoz

    @aryvart said in Can't access the firewall using WAN IP address in remote location:

    I have installed pfsense 2.3.2 version

    Huh?? The current download version is 2.3.5 for 32bit or pretty much anyone else on the planet 2.4.3 how is it you are installing 2.3.2??? which is from July of 2016..

    WAN i'm using dedicated IP address

    WTF is that? Is it rfc1918 or public?

    Also if that is your wan, where are the block rfc1918 and bogon which are default. What I suggest is reinstall pfsense using current version.. Leave it default settings. If you need to remote into this then set up openvpn since opening up your gui to the public internet is BAD!!

  • Internationalization

    0 Votes
    2 Posts
    321 Views
    S

    https://www.netgate.com/blog/pfsense-software-translations-with-zanata.html

  • Which tunnel to use?

    0 Votes
    3 Posts
    521 Views
    E

    Thanks for your reply, it's appreciated.

    I'm willing to remove the IPsec link then, if there is no other way.

    Basically I just want an RJ45 port on pfSense2 that connects to an RJ45 of pfSense1, like it was just a simple switch in between them.

    So I have to use GIF then. I don't mind that the traffic is not encrypted (it's just an IPTV stream), but would that also mean that my pfSense could be entered more easily by hackers?

    Can you point me a bit in the right direction? So on both sides I create a new GIF interface. What would I use as the "GIF tunnel local address" and "GIF tunnel remote address"? Can I use something random (like 10.0.0.1 and 10.0.0.2) or does it need to be in the IP range that the TV decoder uses?

    Thanks!

  • Cannot disable "DNS resolver"

    0 Votes
    4 Posts
    930 Views
    H

    pfSense only needs a few gigs. A better question is how much space do you need? Based on your usage, I assume you're running a proxy (squid) and the proxy's cache is eating up all the HD you can throw at it. Trying to cache the entire internet?

  • pfSense behind pfSense: only first ping coming through

    0 Votes
    3 Posts
    461 Views
    A

    @jknott It has direct WAN access too. But that needs to be manually enabled, since it is established via PPPoE. There is also an internal CARP IP. That is the failover part.
    For normal operation though, it uses the other pfSense as its default gateway. That is the part that is not working.

  • New to pfsense, cant access web from Lan.

    0 Votes
    19 Posts
    2k Views
    johnpoz

    So the cisco is 172.16.0.1? Or is that pfsense itself?

    Where is the route?

    Seems basic routing is beyond your current skill set - so why you would want to complicate it with a downstream router is beyond me.

    Cisco 2800 switch VLAN2 192.168.1.253, every used port is in no shutdown mode

    Also you say every port? The port connected to pfsense, ie your transit network would not be the same layer 2 network as your 192.168.1 network..

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.