Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP helper kernel mode question :-)

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    5 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Juve
      last edited by

      Hi there,

      I was wondering how does the new kernel FTP helper react when you are working with private (RFC1918) WANs (in other words: private WAN, public DMZ, your ISP routes the public subnet to your WAN, when trafic leaves your WAN you then source NAT it with a public IP from you public subnet).
      In 1.2.3 I had to change the pftpx startup configuration in config.inc to define the public IP used in PORT commands since pftpx where using the WAN one (see this sticky: http://forum.pfsense.org/index.php/topic,9016.msg51238.html#msg51238.

      In 2.0, how will the kernel ftp helper be able to find the public IP to be used for PORT command ? is there a tunable parameter ?

      Thanks guys.

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        No that should be a responsability of your ISP!
        Since they do the natting for you?

        1 Reply Last reply Reply Quote 0
        • J
          Juve
          last edited by

          No, I do the nating since my ISP is routing the public subnet to my WAN.
          The private WAN subnet can be seen as a transport subnet, it improves security since WAN interface is unreachable (rfc1918 subnet are unroutable on the internet) and performance since trafic to DMZ is not nated, you can then achieve better throughput. When LAN trafic leaves your firewall by the WAN interface you have just to source-NAT it with a public IP from your public subnet, the ISP router will then route it to the Internet.
          That's why it is important to be able to tune the public IP sent in PORT command.

          1 Reply Last reply Reply Quote 0
          • E
            eri--
            last edited by

            it will put there the same ip that is used for nat.

            1 Reply Last reply Reply Quote 0
            • J
              Juve
              last edited by

              That's the answer I wanted !!
              ;D Thanks Ermal

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.