    FTP Server behind pfSense 2.0.1 release amd64 and Dual WAN

      hunters

      Hi Everybody,
      I'm setting up an FTP server behind pfSense 2.0.1 Release amd64 in a dual WAN environment.
      My setup is:

      WAN1: Static public IP used for default internet traffic out from the LAN, but not the default gateway interface. I have a Limiter and Queues on this interface to manage priorities and limit the outgoing traffic of clients, to leave some bandwidth free for VoIP and other critical services.
      WAN2: Static public IP used for IPsec VPN and PPTP VPN. This is the default gateway interface, because IPsec and PPTP only work if the interface is the default gateway.
      LAN: usual LAN address 192.168.0.0/24

      I use the Linux command-line ftp client with Extended Passive mode to run the tests from the outside.
      If I set up a port forward from WAN1 to the FTP server's internal IP, it works well, but only if the transfer takes less than 2 minutes (more or less) to complete.
      If the transfer takes more than 2 minutes, it hangs (the client says Stalled), and I see in the firewall logs of the pfSense box that the data packets and ACK packets from the server to the FTP client start to exit from the WAN2 interface instead of the WAN1 interface (and are blocked by the firewall, because there is no established TCP connection on that interface, since the session started on the WAN1 interface).

      It seems to be a problem with tracking the NAT session (probably the one started on port 21 from the client), which reaches some sort of timeout and expires… After this session expires, pfSense has no record that the outgoing packets of the session should go out from WAN1, and starts to send them out from the default gateway interface.

      To be sure of this, I tried setting up the same rule on WAN2, and the problem doesn't occur.

      Another thing is that I have read a lot about an FTP Helper to be enabled/disabled on the interfaces, but I didn't find anything on pfSense 2.0.1 about it. Maybe it has been removed or something like this. Can you give me any help with the issue?

      Thank you
      Regards,
      Hunters

        SeventhSon

        I'd say set up your FTP server to go out only on one WAN (outbound rule); that should fix the problem.

        @hunters:

        Another thing is that I have read a lot about an FTP Helper to be enabled/disabled on the interfaces, but I didn't find anything on pfSense 2.0.1 about it. Maybe it has been removed or something like this. Can you give me any help with the issue?

        I think this is now here:
        System: Advanced: System Tunables : debug.pfftpproxy

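One way to test the hypothesis in the first post (that the port 21 control state runs out while the data transfer is still going) is to watch the remaining lifetime of that state during a long transfer. The script below is an added example, not code from either poster or from pfSense: it parses text shaped like `pfctl -vss` output and reports FTP control states close to expiry. The sample text is constructed, and the server address 192.168.0.10 and the 30-second threshold are assumptions.

```python
import re

# Constructed sample shaped like `pfctl -vss` output (state line, then timer line).
# 192.168.0.10 is an assumed FTP server address; peers use documentation ranges.
SAMPLE = """\
all tcp 192.168.0.10:21 <- 198.51.100.2:21 <- 203.0.113.7:40112       ESTABLISHED:ESTABLISHED
   age 00:01:50, expires in 00:00:08, 41:38 pkts, 2210:3105 bytes, rule 71
all tcp 192.168.0.10:50211 <- 198.51.100.2:50211 <- 203.0.113.7:40200       ESTABLISHED:ESTABLISHED
   age 00:01:41, expires in 23:59:59, 9120:4600 pkts, 13200400:240120 bytes, rule 71
all tcp 192.168.0.25:443 <- 198.51.100.9:51000       FIN_WAIT_2:FIN_WAIT_2
   age 00:00:20, expires in 00:00:05, 12:10 pkts, 900:4100 bytes, rule 12
"""

TIMER_RE = re.compile(r"age (\d+):(\d+):(\d+), expires in (\d+):(\d+):(\d+)")

def _seconds(h, m, s):
    return int(h) * 3600 + int(m) * 60 + int(s)

def parse_states(text):
    """Return one dict per TCP state that is followed by an age/expires line."""
    states, current = [], None
    for line in text.splitlines():
        fields = line.split()
        if line[:1].strip() and len(fields) >= 5 and fields[1] == "tcp":
            # Endpoints are every field between the protocol and the state name,
            # minus the direction arrows; NATed states list three of them.
            ends = [f for f in fields[2:-1] if f not in ("<-", "->")]
            current = {"endpoints": ends, "tcp_state": fields[-1]}
            continue
        timer = TIMER_RE.search(line)
        if timer and current is not None:
            g = timer.groups()
            current["age"] = _seconds(*g[:3])
            current["expires"] = _seconds(*g[3:])
            states.append(current)
            current = None
    return states

def control_states_near_expiry(text, server, threshold=30):
    """FTP control-channel states (server port 21) with little time left."""
    key = f"{server}:21"
    return [s for s in parse_states(text)
            if key in s["endpoints"] and s["expires"] <= threshold]

if __name__ == "__main__":
    for s in control_states_near_expiry(SAMPLE, "192.168.0.10"):
        print(s["endpoints"], s["tcp_state"], "expires in", s["expires"], "s")
```

If the control state's "expires in" value counts down toward zero while the data state stays fresh, the stall lines up with the control state being dropped.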