Can not access FTP port forward from internal network

  • Hi,

    I am using PFSense 2.0-RC1 (i386) built on Mon Feb 28 18:12:00 EST 2011

    I am trying to publish an internal FTP-server.

    I have created the forward rules under "Firewall: NAT: Port Forward" and forward port 21 and ports 49100-49300 to the internal FTP-server. I have configured the FTP-server to limit the passive port range to 49100-49300.

    From an external network I can connect to the FTP-server, and download/upload files, no problems, using passive FTP.

    But if I try to connect to the same IP from the internal network, i.e. using the DNS-name that points to the external interface on PFsense, I can log in but not list files; the FTP-client just times out waiting for the file-listing.

    I can connect to the FTP-server's internal IP just fine, and I also have a webserver running on the same machine, and that port forward can be accessed from the internal network without problem.

    The FTP-server is ProFTPD Version: 1.3.1 on Debian 5.0.3

    I know split-dns is a solution, but I'd rather just get the port-forwards to work.

  • Netgate Administrator

    Have you enabled NAT reflection?


  • I tried enabling it for both rules, but that didn't help. Do I need to enable it somewhere else too?

    Also, under "System: Advanced: Firewall and NAT", "Disable NAT Reflection for port forwards" is not checked.


  • I do not think FTP works correctly with NAT reflection.
    Please create a DNS entry for your internal LAN to resolve to the internal IP.

