FTP NAT problems with 2 external IP and 2 internal IP



  • I have two FTP servers and I NAT them from the WAN to the LAN IPs (IPWAN01 to IPLAN01 and IPWAN02 to IPLAN02), and it works correctly: I can access my servers on both external IPs. After I added some other rules for different services I have on the LAN network, FTP works only on one server, not on both (for example from IPWAN01 but not from IPWAN02). To solve this problem I need to remove both the NAT entries and the rules for FTP on the firewall and add them again, and then it works correctly.
    I run the latest version of pfSense: 1.0.1

    Any idea?



  • I have the same problem (after update 1.0.1-SNAPSHOT-11-30-2006)

    NAT, pfw already added, and rules already added, and the FTP helper is unchecked for all NICs.

    reboot pfsense. startup messages:


    Configuring OPT1 interfaces.. done.
    Configuring CARP interfaces.. done.
    Configuring firewall... grep: ftp1-wanip: no such file or directory                            <--- !!!!!
    grep: ftp2-wanip: no such file or directory                                                        <--- !!!!!
    Starting WebConfigurator.. done.
    Starting DNS forwarder.. done.
    Starting DHCP service.. done.
    Setting up microcode and tx/rx offloading.. done
    Starting FTP helpers.. done.
    Waiting for final CARP interfaces bringup...
    ...

    If I reboot and see the "grep: ip: no such file or directory" message, the FTP servers cannot be accessed.
    If the "grep ...." message does not appear, the FTP servers can be accessed.

    REALLY!

    Is this a bug???

    (I read all of this forum.. sorry for my bad English)



  • FTP does not work with multiple WANs. And you want the helper ON, not off.



  • I have a single WAN, but I have 2 FTP servers (1 WAN, 1 LAN, 2 OPT)

    same startup msgs:
    ..
    Configuring OPT1 interfaces.. done.
    Configuring CARP interfaces.. done.
    Configuring firewall… grep: 212.175.221.61: no such file or directory                            <--- !!!!!
    grep: 212.175.221.62: no such file or directory                                                        <--- !!!!!
    Starting WebConfigurator.. done.
    Starting DNS forwarder.. done.
    Starting DHCP service.. done.
    Setting up microcode and tx/rx offloading.. done
    Starting FTP helpers.. done.
    Waiting for final CARP interfaces bringup...
    ...

    If the "grep..." msgs exist, the FTP servers cannot be accessed.

    After adding a new NAT/pfw with FTP (port 21) and saving the auto-created rules,

    new startup msgs:
    ..
    Configuring OPT1 interfaces.. done.
    Configuring CARP interfaces.. done.
    Configuring firewall... grep: 212.175.221.63: no such file or directory                            <--- !!!!!
    Starting WebConfigurator.. done.
    Starting DNS forwarder.. done.
    Starting DHCP service.. done.
    Setting up microcode and tx/rx offloading.. done
    Starting FTP helpers.. done.
    Waiting for final CARP interfaces bringup...
    ...

    212.175.221.61 (ftp1-wanip) and 212.175.221.62 (ftp2-wanip) can be accessed, but 212.175.221.63 (ftp3-wanip) cannot be accessed.

    REALLY!

    and


    or

    this true?



  • If you want to make it work without the FTP helper, create a forward for each public IP to the correct FTP server (port 21 AND the range that the FTP server uses for passive mode). Additionally you have to make the FTP servers aware of their real public IP (check your FTP server's manual to see if it has a technique to detect it).



  • I want to work with the FTP helper..

    With 1 FTP server, there is no problem,

    but I have 2 FTP servers… and I have a connection problem..

    ..
    Configuring OPT1 interfaces.. done.
    Configuring CARP interfaces.. done.
    Configuring firewall... grep: 212.175.221.61: no such file or directory                            <--- !!!!!
    grep: 212.175.221.62: no such file or directory                                                        <--- !!!!!
    Starting WebConfigurator.. done.
    Starting DNS forwarder.. done.
    Starting DHCP service.. done.
    Setting up microcode and tx/rx offloading.. done
    Starting FTP helpers.. done.
    Waiting for final CARP interfaces bringup...
    ...

    If the "grep..." msgs exist, the FTP servers cannot be accessed.

    Is this an interesting problem?  :o  And unique to me?



  • solution:

    Delete all NAT and FTP rules (FTP related)

    Reboot

    Add the first FTP NAT, save the auto-created rules and apply

    Reboot

    Add the second FTP NAT, save the auto-created rules and apply

    Don't reboot

    The 2 different ext. and 2 int. FTP servers can be accessed.

