Full access to ftp server on WAN only works if no static assigned

  • I have two pfsense at 1.2.3 Release.
    MODIFIED - the setup: Users have private IPs. Some users need their own WAN ip so I add a 1:1 NAT and add Virtual IP using an open WAN address.

    Users on my network who do not have a static IP assigned do not have any problems with fully accessing ftp servers on the Internet.

    However, Static IP users cannot fully access ftp servers (using passive or not). By "fully", I mean they can log in to ftp servers but using simple ftp commands like ls or mget fail.

    Again, I setup statics on my network by adding a 1:1 NAT and Virtual IP (Proxy Arp). FTP helper is ON for LAN ("Disable the userland FTP-Proxy application"  is unchecked) and it is off (checked) for the WAN interface.  I tried turning on ftp helper for the WAN, FTP still fails on ls and mget.

    What can I do to allow static IP users to use simple ftp?
    I have been to this link--> http://doc.pfsense.org/index.php/FTP_Troubleshooting
    It says:
    "For client FTP outbound from 1:1 hosts, the FTP proxy will not function. If your host requires outbound FTP using the FTP proxy, you need to use port forwards + Outbound NAT rather than 1:1 NAT"


    Is the above my only option? Accessing FTP servers out on the Internet should not be so difficult for pfSense.
    I have OUTBOUND NAT set to "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" with the following entry:

    WAN  *  *  *  *  *  NO

    Is the above correct? If so, what port forwards need to be set on which interface to make ftp work "fully"?

Log in to reply