Public IP from LAN Issues
-
Hi guys,
First off, thanks for this great product, other than a couple minor issues it performs beautifully and the quality of the product is apparent!
We set up 1.2.1 today using the LiveCD to test out the product for replacing the Ubuntu / ShoreWall system I built a while back. We managed to solve all issues except for one…
We have 5 public IPs and set 4 of them up as virtual CARP IPs and also on 1:1 NAT. We want to be able to access our servers using the public URLs, which works for all servers except for the FTP server. When I go to ftp://mydomain.com from inside the network it just times out - not even an auth prompt. Using an FTP client like FileZilla doesn't work either. It works fine from the outside so the 1:1 NAT and rules are working. Now, the strange part is, on that same server we have a web server on port 80 and that will work from inside the LAN using the public IP just fine. I really don't understand how 1 could work and not the other.
I tried enabling / disabling the userland proxy many times to see if that was the problem and that had no effect. I am not sure if I stumbled on a bug in pfSense or if I just don't know how to do this properly.
Any suggestions or info would be appreciated.
Thanks.
-
http://forum.pfsense.org/index.php/topic,7001.0.html
-
I did see this post and read it but I don't think this will help. It says 1:1 doesn't work with reflection but that isn't true - it is working for everything except FTP. I added NAT rules that should work but it doesn't. This seems like a bug in the system to me.
Do you have any suggestions on how to get FTP to work with 1:1 NAT and reflection?
Thanks.
-
I'm not sure why it works at your place. Maybe you've configured more than just the 1:1 NAT.
But 1:1 NAT definitely does not work with NAT-reflection.
I would set up split DNS since you're accessing the servers via the name and not the IP.
If you have problems with FTP I can only suggest:
@http://forum.pfsense.org/index.php/topic:
1: Disable the ftp-helper on all interfaces.
2: Define a port-range on your ftp-server for the data-transfer.
3: Forward port 21 and your data-transfer-range to your server.
Also I wouldn't bother with 1:1 NAT and only use normal port-forwards and aliases.
--> NAT-reflection will work.
You can create an alias for each server and define what ports you want to use on it.
Use this alias in the port-forward-rule and the firewall-rule.
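
Added example, not part of the thread: in passive mode the FTP server announces the address and port for the data connection in its `227` reply on the control connection, so steps 2 and 3 above only help if that announced port lies inside the forwarded range and the announced address is one the client can reach. This Python check parses a captured `227` reply and reports both problems; the public address, port range and sample replies are constructed values.

```python
import ipaddress
import re

# Constructed values (assumptions, not from the thread): the public address
# clients use and the passive range set on the FTP server and forwarded.
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")
FORWARDED_RANGE = range(50000, 50101)  # ports 50000-50100 inclusive

# Constructed sample replies as they would appear on the control connection.
GOOD_REPLY = "227 Entering Passive Mode (203,0,113,10,195,130)."
BAD_REPLY = "227 Entering Passive Mode (192,168,1,20,4,1)."

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # the port is sent as two bytes
    return ip, port

def check_pasv(reply, public_ip=PUBLIC_IP, forwarded=FORWARDED_RANGE):
    """List reasons the data connection would fail through the NAT."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip != public_ip:
        kind = "private" if ip.is_private else "unexpected"
        problems.append("server advertises %s address %s" % (kind, ip))
    if port not in forwarded:
        problems.append("data port %d is outside the forwarded range" % port)
    return problems

if __name__ == "__main__":
    for reply in (GOOD_REPLY, BAD_REPLY):
        print(reply, "->", check_pasv(reply) or "ok")
```

The `227` line can be read from a verbose client log on the LAN and compared against the port-forward and firewall rules.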