Portforwading not working default nat reflation



  • Hello,

    I'm newbie to pfsense, I have forwarded my port 21 and was not able to get it work. I have seen on youtube how to setup port forwarding Youtube link and I have exactly made same config like on youtube link.

    Under nat reflaction he have set config as default (My default is disable).... and it wasn't working for me. When I changed it to NAT PURE or NAT PROXY than it works.
    Can somebody explain me am I done it right or it's wrong configuration.


  • LAYER 8 Global Moderator

    have no idea what your trying to do exactly? Assume from 21 your trying get server behind pfsense working?

    Why would you need to forward 21 if your server is on the same lan as this ftp server... nat reflection is only use for hitting the wan IP to get forwarded back in... Pretty pointless!! And only need when shit is hard coded with some wan IP - ie borked out of the gate anyway.



  • I was need to open port 21 for public connection so I can access my ftp server outside my network.


  • LAYER 8 Global Moderator

    that has ZERO to do with nat reflection - ZERO!

    If you want to test if your port forward is working - then you need to come from outside, you can not test it from inside your network hitting your public IP... You actually have to be on the public side... use say canyouseeme.org to validate if port is open and working.

    If your wanting to use ftp server as passive, then your going to need to forward the passive ports as well.



  • This post is deleted!


  • @johnpoz I'm understanding now and I was think that if i run it as public ip that I connecting as outside man. But it seams that I'm wrong.

    Now I have changed it back and it looks http://canyouseeme.org/ that it is opened.

    Thanks for your help.


  • LAYER 8 Global Moderator

    And is your server going to be serving active or passive clients or both? If passive your going to have to port forward the passive ports. And make sure that the ftp server hands out your actual public IP, not its rfc1918 address.

    You should also be aware that ftp should of died off like 10 years ago, and is NOT secure!! Why can not just run sftp server?



  • @johnpoz yes I have made it passiv too and portforwarded. I must use it because my hosting provider only supports FTPs and that's why. Normally I using sftp but here it still behinde. Hope one day it fixing this.


Log in to reply