5. Public IP from LAN Issues

Public IP from LAN Issues

  • C

    Hi guys,

    First off, thanks for this great product, other than a couple minor issues it performs beautifully and the quality of the product is apparent!

    We setup 1.2.1 today using the LiveCD to test out the product for replacing the Ubuntu / ShoreWall system I built a while back. We managed to solve all issues except for one…

    We have 5 public IP's and set 4 of them up as virtual carp IP's and also on 1:1 NAT. We want to be able to access our servers using the public URL's which works for all servers except for the FTP server. When I go to ftp://mydomain.com from inside the network it just times out - not even an auth prompt. Using a ftp client like filezilla doesn't work either. It works fine from the outside so the 1:1 NAT and rules are working. Now, the strange part is, on that same server we have a web server on port 80 and that will work from inside the LAN using the public IP just fine. I really don't understand how 1 could work and not the other.

    I tried enabling / disabling the userland proxy many times to see if that was the problem and that had no effect. I am not sure if I stumbled on a bug in pfSense or if I just don't know how to do this properly.

    Any suggestions or info would be appreciated.

    Thanks.

    0

  • http://forum.pfsense.org/index.php/topic,7001.0.html

    0
  • C

    I did see this post and read it but I don't think this will help. It says 1:1 doesn't work with reflection but that isn't true - it is working for everything except FTP. I added NAT rules that should work but is doesn't. This seems like a bug in the system to me.

    Do you have any suggestions on how to get FTP to work with 1:1 NAT and reflection?

    Thanks.

    0

  • I'm not sure why it works at your place. Maybe you've configured more than just the 1:1 NAT.
    But 1:1 NAT definitly does not work with NAT-reflection

    I would setup split DNS since you're accessing the servers via the name and not the IP.

    If you have problems with ftp i can only suggest:

    @http://forum.pfsense.org/index.php/topic:

    1: Disable the ftp-helper on all interfaces.
    2: Define a port-range on your ftp-server for the data-transfer.
    3: forward port 21 and your data-transfer-range to your server.

    Also i wouldnt bother with 1:1 NAT and only use normal port-forwards and aliases.
    –> NAT-reflection will work.

    You can create an alias for each server and define what ports you want to use on it.
    Use this alias in the port-forward-rule and the firewall-rule.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy