Netgate Discussion Forum

    Cannot access FTP port forward from internal network

    • danijo76

      Hi,

      I am using pfSense 2.0-RC1 (i386) built on Mon Feb 28 18:12:00 EST 2011.

      I am trying to publish an internal FTP-server.

      I have created the forward rules under "Firewall: NAT: Port Forward" and forward port 21 and ports 49100-49300 to the internal FTP server. I have configured the FTP server to limit the passive port range to 49100-49300.

      From an external network I can connect to the FTP server and download/upload files with no problems, using passive FTP.

      But if I try to connect to the same IP from the internal network, i.e. using the DNS name that points to the external interface on pfSense, I can log in but not list files; the FTP client just times out waiting for the file listing.

      I can connect to the FTP server's internal IP just fine, and I also have a web server running on the same machine, and that port forward can be accessed from the internal network without problem.

      The FTP server is ProFTPD version 1.3.1 on Debian 5.0.3.

      I know split DNS is a solution, but I'd rather just get the port forwards to work.

      • stephenw10 (Netgate Administrator)

        Have you enabled NAT reflection?

        Steve

        • danijo76

          I tried enabling it for both rules, but that didn't help. Do I need to enable it somewhere else too?

          Also, under "System: Advanced: Firewall and NAT", "Disable NAT Reflection for port forwards" is not checked.

          /DJ

          • eri--

            I do not think FTP works correctly with NAT reflection.
            Please create a DNS entry for your internal LAN to resolve to the internal IP.

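When troubleshooting a setup like the one in this thread, decoding the server's 227 reply to PASV shows which address and port the client is told to use for the file listing, and whether they match the forwards from the first post (port 21 plus 49100-49300). This is an added example, not code from the thread: the reply strings and IP addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Passive range forwarded to the FTP server in the first post.
FORWARDED_PORTS = range(49100, 49301)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 PASV reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
_PASV = re.compile(r"^227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")

# Constructed sample replies (not captured from the poster's server).
SAMPLE_INTERNAL = "227 Entering Passive Mode (192,168,1,10,191,204)"
SAMPLE_EXTERNAL = "227 Entering Passive Mode (203,0,113,5,192,148)"


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = _PASV.search(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_data_channel(reply, control_ip):
    """List mismatches between the PASV reply and the port forwards."""
    ip, port = parse_pasv(reply)
    findings = []
    if port not in FORWARDED_PORTS:
        findings.append("port %d is outside forwarded range 49100-49300" % port)
    if ip != ipaddress.IPv4Address(control_ip):
        findings.append("data address %s differs from control address %s"
                        % (ip, control_ip))
    if any(ip in net for net in RFC1918):
        findings.append("data address %s is an RFC 1918 address" % ip)
    return findings


if __name__ == "__main__":
    # 203.0.113.5 stands in for the firewall's external address (assumption).
    for sample in (SAMPLE_INTERNAL, SAMPLE_EXTERNAL):
        print(parse_pasv(sample), check_data_channel(sample, "203.0.113.5"))
```

The 227 line itself can be read from the FTP client's debug or verbose output while connected through the external DNS name.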