Netgate Discussion Forum

    FTP Server behind pfSense - purpose of CARP IP?

    • highc

      I have set up an FTP server (pure-ftpd) behind pfSense. Basically, I followed http://forum.pfsense.org/index.php/topic,15811.html, using the port forwarding approach. I think this is a great guide, very helpful.

      What I am wondering about:

      I have followed almost all steps, forwarding ports 20, 21 and the passive port range to the ftp server and setting the ftp server to reply to PASV commands with the external IP.

      I have not yet set up a virtual CARP IP (step 4). But it's working already.

      Reading through the explanations in the above-mentioned thread, I think I understand why it's working - but I don't understand what I would need the virtual CARP IP for: If the ftp server already responds with the correct address, what's the additional benefit of configuring a virtual CARP IP?

      I'm just trying to understand how it's supposed to work. Thanks!

      pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
      pfSense 2.6 on Super Micro 5018D-FN4T (retired)

      • jimp Rebel Alliance Developer Netgate

        Does it really work for both active and passive FTP? With the FTP helper enabled or disabled?

        The CARP VIP is usually required if you need the FTP helper (proxy) because it cannot bind to a Proxy ARP or Other type VIP.

        • highc

          FTP-Helper was not disabled on LAN and WAN. However, pure-ftpd showed real IPs, not proxy IPs upon login.

          I have disabled FTP-Helper now on both interfaces to see if this makes a difference.

          • highc

            Yes, same result (active and passive ftp working from WAN) with FTP Helpers disabled.

            • Jahntassa

              On my setup, simply port forwarding is all I needed to do. I did it with a P-ARP VIP since my primary IP is done by DHCP.

              Since the ports are forwarded, and it seems to me you don't have extra IPs (or aren't trying to use anything but the primary IP), you don't need any CARPs.

              1 Reply Last reply Reply Quote 0