FTP in kernel helper - what does it do and does it work
-
Hi
I am currently running pfsense 2.0 aa on bsd 7,
I am having difficulty with (remote) FTP servers and multi-wan
[ I know this is a problem many people have ]
As I understand the problems, I would need the following to fix them
Passive : the 'helper' would need to make sure my data connection routed out of the same wan interface as my ctrl connection
Active : the 'helper' would need to add a NAT / firewall rule to NAT the server initiated data connection back to the client
My questions are ( for now ) as follows
1 - does the in kernel helper try and achieve either / both / none of these ??
2 - is the in kernel helper in the bsd 7 build of 2.0 ( or just 8.0 )
3 - is the in kernel helper considered fully / partially / not working at the moment
Thanks,
AJ
-
It is supposed to handle everything in ftp.
Try rdr a ftp port in 2.0 which was not that fun on 1.2.3 ;)
Please get tcpdump traces with full packet contents for the cases it does not work.
BTW are you running ftp on normal port!?
-
When the network is quiet I will grab some dumps with tcpdump -i em{0/3} -vvvXs 0 host {ftpserver} - do you need lan and wan ??
To clarify,
the client is in my wan,
the server is on the internet,
the servers are 3rd party so I cannot change config on them,
the servers are running on port 21 with both active and passive support.
I did wonder if this might be a problem with double NAT - as my wan connection is on a class C to an adsl router and is natting out of that [not bridging] ??
Will post the dumps soon
AJ
-
I wonder if your other nat is doing this.
Anyway post dumps from lan and wan and i will get you an answer.
-
Why aren't people just forwarding the listening port, the data port and a pasv port range? That's the normal thing to do on a regular firewall/nat device.
-
On 2.0 you just need to rdr the listening port but this is the other issue the client behind a nat.
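
As an added illustration of the two jobs the first post lists for a helper (this is not code from the thread or from pfSense, and it does not claim to show how the in-kernel helper is implemented): a toy Python model that rewrites an active-mode PORT command to the WAN address and records the expected inbound connection, and that pins a passive-mode data connection to the WAN the control connection used. The class and function names are hypothetical and all addresses are constructed from documentation ranges.

```python
import re

# RFC 959 writes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_EP = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    m = _EP.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class FtpHelper:
    """Toy model of a multi-WAN NAT helper watching FTP control traffic."""
    def __init__(self, first_port=50000):
        self.ctrl_wan = {}   # (client, server) -> WAN address the control conn left by
        self.inbound = {}    # (wan_ip, wan_port) -> (client_ip, client_port), active mode
        self.pinned = {}     # (client, server_ip, server_port) -> wan_ip, passive mode
        self.next_port = first_port

    def control_opened(self, client, server, wan_ip):
        self.ctrl_wan[(client, server)] = wan_ip

    def from_client(self, client, server, line):
        """Active mode: rewrite PORT to the WAN address and expect the server's connect."""
        if not line.upper().startswith("PORT "):
            return line
        ep, wan = parse_endpoint(line), self.ctrl_wan.get((client, server))
        if ep is None or wan is None or ep[0] != client:
            return None      # drop: malformed, unknown session, or names another host
        port, self.next_port = self.next_port, self.next_port + 1
        self.inbound[(wan, port)] = ep
        octets = wan.split(".") + [str(port >> 8), str(port & 0xFF)]
        return "PORT " + ",".join(octets)

    def from_server(self, client, server, line):
        """Passive mode: pin the coming data connection to the control conn's WAN."""
        ep, wan = parse_endpoint(line), self.ctrl_wan.get((client, server))
        if line.startswith("227") and ep and wan:
            self.pinned[(client,) + ep] = wan
        return line          # the reply itself passes through unchanged

def demo():
    # Constructed session: LAN client, internet server, one of several WAN addresses
    h = FtpHelper()
    h.control_opened("192.168.1.10", "203.0.113.5", "198.51.100.2")
    out = h.from_client("192.168.1.10", "203.0.113.5", "PORT 192,168,1,10,19,137")
    h.from_server("192.168.1.10", "203.0.113.5", "227 Entering Passive Mode (203,0,113,5,195,80)")
    return out, h.inbound, h.pinned
```

The model covers a single NAT layer only; a second NAT device upstream, as in the double-NAT setup mentioned in the thread, would see the already rewritten address and is outside what this sketch handles.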