<![CDATA[Public IP from LAN Issues]]>Hi guys,

First off, thanks for this great product, other than a couple minor issues it performs beautifully and the quality of the product is apparent!

We setup 1.2.1 today using the LiveCD to test out the product for replacing the Ubuntu / ShoreWall system I built a while back. We managed to solve all issues except for one…

We have 5 public IP's and set 4 of them up as virtual carp IP's and also on 1:1 NAT. We want to be able to access our servers using the public URL's which works for all servers except for the FTP server. When I go to ftp://mydomain.com from inside the network it just times out - not even an auth prompt. Using a ftp client like filezilla doesn't work either. It works fine from the outside so the 1:1 NAT and rules are working. Now, the strange part is, on that same server we have a web server on port 80 and that will work from inside the LAN using the public IP just fine. I really don't understand how 1 could work and not the other.

I tried enabling / disabling the userland proxy many times to see if that was the problem and that had no effect. I am not sure if I stumbled on a bug in pfSense or if I just don't know how to do this properly.

Any suggestions or info would be appreciated.

Thanks.

]]>https://forum.netgate.com/topic/11183/public-ip-from-lan-issuesRSS for NodeSun, 19 Apr 2026 14:54:34 GMTWed, 01 Oct 2008 04:33:53 GMT60<![CDATA[Reply to Public IP from LAN Issues on Wed, 01 Oct 2008 13:41:17 GMT]]>I'm not sure why it works at your place. Maybe you've configured more than just the 1:1 NAT.
But 1:1 NAT definitly does not work with NAT-reflection

I would setup split DNS since you're accessing the servers via the name and not the IP.

If you have problems with ftp i can only suggest:

@http://forum.pfsense.org/index.php/topic:

1: Disable the ftp-helper on all interfaces.
2: Define a port-range on your ftp-server for the data-transfer.
3: forward port 21 and your data-transfer-range to your server.

Also i wouldnt bother with 1:1 NAT and only use normal port-forwards and aliases.
–> NAT-reflection will work.

You can create an alias for each server and define what ports you want to use on it.
Use this alias in the port-forward-rule and the firewall-rule.

]]>https://forum.netgate.com/post/182525https://forum.netgate.com/post/182525Wed, 01 Oct 2008 13:41:17 GMT<![CDATA[Reply to Public IP from LAN Issues on Wed, 01 Oct 2008 12:55:59 GMT]]>I did see this post and read it but I don't think this will help. It says 1:1 doesn't work with reflection but that isn't true - it is working for everything except FTP. I added NAT rules that should work but is doesn't. This seems like a bug in the system to me.

Do you have any suggestions on how to get FTP to work with 1:1 NAT and reflection?

Thanks.

]]>https://forum.netgate.com/post/182522https://forum.netgate.com/post/182522Wed, 01 Oct 2008 12:55:59 GMT<![CDATA[Reply to Public IP from LAN Issues on Wed, 01 Oct 2008 06:01:40 GMT]]>http://forum.pfsense.org/index.php/topic,7001.0.html

]]>https://forum.netgate.com/post/182490https://forum.netgate.com/post/182490Wed, 01 Oct 2008 06:01:40 GMT