Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Public IP from LAN Issues

    Scheduled Pinned Locked Moved 1.2.1-RC Snapshot Feedback and Problems-RETIRED
    4 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      compucoder
      last edited by

      Hi guys,

      First off, thanks for this great product, other than a couple minor issues it performs beautifully and the quality of the product is apparent!

      We setup 1.2.1 today using the LiveCD to test out the product for replacing the Ubuntu / ShoreWall system I built a while back. We managed to solve all issues except for one…

      We have 5 public IP's and set 4 of them up as virtual carp IP's and also on 1:1 NAT. We want to be able to access our servers using the public URL's which works for all servers except for the FTP server. When I go to ftp://mydomain.com from inside the network it just times out - not even an auth prompt. Using a ftp client like filezilla doesn't work either. It works fine from the outside so the 1:1 NAT and rules are working. Now, the strange part is, on that same server we have a web server on port 80 and that will work from inside the LAN using the public IP just fine. I really don't understand how 1 could work and not the other.

      I tried enabling / disabling the userland proxy many times to see if that was the problem and that had no effect. I am not sure if I stumbled on a bug in pfSense or if I just don't know how to do this properly.

      Any suggestions or info would be appreciated.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        http://forum.pfsense.org/index.php/topic,7001.0.html

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • C
          compucoder
          last edited by

          I did see this post and read it but I don't think this will help. It says 1:1 doesn't work with reflection but that isn't true - it is working for everything except FTP. I added NAT rules that should work but is doesn't. This seems like a bug in the system to me.

          Do you have any suggestions on how to get FTP to work with 1:1 NAT and reflection?

          Thanks.

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            I'm not sure why it works at your place. Maybe you've configured more than just the 1:1 NAT.
            But 1:1 NAT definitly does not work with NAT-reflection

            I would setup split DNS since you're accessing the servers via the name and not the IP.

            If you have problems with ftp i can only suggest:

            @http://forum.pfsense.org/index.php/topic:

            1: Disable the ftp-helper on all interfaces.
            2: Define a port-range on your ftp-server for the data-transfer.
            3: forward port 21 and your data-transfer-range to your server.

            Also i wouldnt bother with 1:1 NAT and only use normal port-forwards and aliases.
            –> NAT-reflection will work.

            You can create an alias for each server and define what ports you want to use on it.
            Use this alias in the port-forward-rule and the firewall-rule.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.