Netgate Discussion Forum

    PFTPX fails to launch helper on Multiple VIP setup.

      cubert

      This was present in ver 1.2 and still is in 1.2.1-RC2 Build Nov 8th.

      We had Centipede support look at this and they confirmed it as a known bug and said it was repaired in 1.2.1-RC.

      Unfortunately, we still seem to have the same problem. Here is the scenario…

      Dell PE 850 2GB RAM and 6 NICs

      2 BroadcomGB
      4 port Router Board 44

      WAN ->bge0
      LAN ->bge1
      CARP ->VR0
      LAN-SUb2->VR1
      LAN-SUB3 ->VR2
      LAN-Sub4 ->VR3

      WAN = 1 static Internet IP and 245 VIP(Carp)
      LAN - 1 static (Internal SUB-A) + 1 CARP failover IP
      Carp -1 static (Internal Sub-B) + 1 CARP failover IP
      LAN2 - 1 static (internal SUB -C) + 1 CARP failover IP
      LAN3 - 1 static (internal SUB -D) + 1 CARP failover IP
      LAN4 - 1 static (Internal SUB -E) + 1 CARP failover IP

      WAN NATs all Internet IPs to LAN systems across all but CARP interfaces (approx. 40 systems).

      Problem:
      After creating multiple NAT rules to allow FTP from different Internet IPs to separate backend systems across any LAN interface, and upon a reboot of the firewall, only one PFTPX helper service is running for each interface. There should be 1 service running for each VIP on the WAN interface that there is an FTP rule for.

      Workaround:
      We have found through testing that if, after reboot, you edit any FTP rule (modify the description) and save, it forces a reload of the firewall and FTP helper application and adds the next FTP in the list. It does seem to have predictable loading. If you have 40 FTP NAT rules, upon boot it loads rule #40; after editing any FTP rule and reloading the firewall, rule #39 will have been loaded, and so on, descending through the NAT FTP rules.

      The problem with the workaround is that with 40+ FTP rules it takes one of my techs 1.5 hours to fully bring up the firewall services after a need for reboot.

      Question:
      #1 Is the Dev team aware of this issue?
      #2 Is there a faster way for us to do a workaround until a fix can be put in place?

      P.S. Kudos, DEV team, as this system rocks and we really appreciate all your hard work...

      Cubert

      Cube Dweller
      www.squidworks.net

      "Give a man a fish and feed him for a day, teach a man to fish and lose a steady customer."

        cmb

        Please update your support ticket and we'll track it down. You are working with the development team with your commercial support through Centipede. There was a known issue in 1.2, but it was fixed and confirmed fixed in 1.2.1. If this is still a problem, there must be something different happening here and we'll need to work with you to resolve it.

          sullrich

          The Devs are aware of your issue. Please work with Centipede as cmb requested.
