Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Full access to ftp server on WAN only works if no static assigned

    Scheduled Pinned Locked Moved NAT
    1 Posts 1 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      makesense
      last edited by

      I have two pfsense at 1.2.3 Release.
      –--------------------------------
      MODIFIED - the setup: Users have private IPs. Some users need their own WAN ip so I add a 1:1 NAT and add Virtual IP using an open WAN address.

      Users on my network who do not have a static IP assigned do not have any problems with fully accessing ftp servers on the Internet.

      However, Static IP users cannot fully access ftp servers (using passive or not). By "fully", I mean they can log in to ftp servers but using simple ftp commands like ls or mget fail.

      Again, I setup statics on my network by adding a 1:1 NAT and Virtual IP (Proxy Arp). FTP helper is ON for LAN ("Disable the userland FTP-Proxy application"  is unchecked) and it is off (checked) for the WAN interface.  I tried turning on ftp helper for the WAN, FTP still fails on ls and mget.

      What can I do to allow static IP users to use simple ftp?
      ---------added---------
      I have been to this link--> http://doc.pfsense.org/index.php/FTP_Troubleshooting
      It says:
      "For client FTP outbound from 1:1 hosts, the FTP proxy will not function. If your host requires outbound FTP using the FTP proxy, you need to use port forwards + Outbound NAT rather than 1:1 NAT"

      Modified:

      Is the above my only option? Accessing FTP servers out on the Internet should not be so difficult for pfSense.
      I have OUTBOUND NAT set to "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" with the following entry:

      WAN    192.168.50.0/23  *  *  *  *  *  NO

      Is the above correct? If so, what port forwards need to be set on which interface to make ftp work "fully"?


      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.