Many topics later on FTP…
-
Two questions / comments on FTP w/pfSense.
(1) We know that FTP with 1:1 NAT is a difficult task to accomplish - without hacks. It requires trick with VIP/port forwarding. Question is this - I have 5 static ips; 4 of them I plan on using for 1:1 NAT with services other than FTP(HTTP,HTTPS, RDP, etc). On the 5th public ip I have for use on the FTP service, can I use port forwarding / VIP trick - basically, can I use a combination of 1:1 and port forwarding in my case?
(2) How will this type of difficulty with FTP be addressed in 1.3 release? Basically, will it be easier than current limitations / workarounds?
I REALLY want to replace my SonicWALLS and WatchGuards!
Thank you!
-
I would use 1:1 NAT only if you need a really large amount of ports on a server.
For everything else i'd use normal forwardings.
For the FTP to work correctly hoba wrote in several placed how to do it right (like here: http://forum.pfsense.org/index.php/topic,8464.msg47487.html#msg47487 ).If you use 1:1 NAT you can no longer use the IP for other "normal" forwardings.
Or is your question if you can use 1:1 NAT for some IP's but normal forwardings for others?
–> yes. -
I would use 1:1 NAT only if you need a really large amount of ports on a server.
For everything else i'd use normal forwardings.
For the FTP to work correctly hoba wrote in several placed how to do it right (like here: http://forum.pfsense.org/index.php/topic,8464.msg47487.html#msg47487 ).If you use 1:1 NAT you can no longer use the IP for other "normal" forwardings.
Or is your question if you can use 1:1 NAT for some IP's but normal forwardings for others?
–> yes.Are all the FTP problems faced when accessing FTP from Internet? I did not do anything besides the stock settings and yet, I have no trouble with secured as well as unsecured FTP using an IPSEC connection or PPTP connection over the internet.
Thanks