Limiters with passive FTP

Turranius

Greetings.

I tried searching for this issue but could not find an easy answer.. example: https://forum.pfsense.org/index.php?topic=35126.0

So, I have a FTP that uses passive ports since I'm using NAT. Its total range is 21,4000-5000 (passive ports).

I wanted to set up limiters to say, 3 MB in, 2 MB out.

I set up the limiters and added them to a LAN rule for the IP of the FTP server (whole server. not just a range). However, the FTP still seems to be using unlimited bandwidth.
So I just change the IP on the LAN rule to my local machine for testing and it works just fine. I'm locked down just as expected.

Change the IP back to the FTP server but nothing happens there. Still full throttle.

Am I missing something?

Version is 2.3.2-RELEASE-p1 (amd64)

Thanks!

Edit: This does not seem to have anything to do with the limiters either. If I change the LAN rule to "block" and set my workstation IP, I can not reach anything on the internet, as expected.
If I change it to the FTP server IP, I can not reach anything there either, but the FTP PASV traffic is not affected. Users are still able to connect and download/upload to it.

Is it because I have those ports opened and forwarded in a WAN rule and that takes precidence somehow?

doktornotor

Try 2.4

Turranius

@doktornotor:

Try 2.4

Thank you. Is that stable for a simple firewall running at home?

doktornotor

Shrug, it's beta. Regardless, if you want limiters working with NAT, that's the only viable option.