FTP helper kernel mode question :-)
-
Hi there,
I was wondering how does the new kernel FTP helper react when you are working with private (RFC1918) WANs (in other words: private WAN, public DMZ, your ISP routes the public subnet to your WAN, when trafic leaves your WAN you then source NAT it with a public IP from you public subnet).
In 1.2.3 I had to change the pftpx startup configuration in config.inc to define the public IP used in PORT commands since pftpx where using the WAN one (see this sticky: http://forum.pfsense.org/index.php/topic,9016.msg51238.html#msg51238.In 2.0, how will the kernel ftp helper be able to find the public IP to be used for PORT command ? is there a tunable parameter ?
Thanks guys.
-
No that should be a responsability of your ISP!
Since they do the natting for you?
-
No, I do the nating since my ISP is routing the public subnet to my WAN.
The private WAN subnet can be seen as a transport subnet, it improves security since WAN interface is unreachable (rfc1918 subnet are unroutable on the internet) and performance since trafic to DMZ is not nated, you can then achieve better throughput. When LAN trafic leaves your firewall by the WAN interface you have just to source-NAT it with a public IP from your public subnet, the ISP router will then route it to the Internet.
That's why it is important to be able to tune the public IP sent in PORT command.
-
it will put there the same ip that is used for nat.
-
That's the answer I wanted !!
;D Thanks Ermal