FTP not working with Load Balancer ?



  • Hi !

    FTP connections timeout, though my balancing setup works fine.

    Anyone got an idea ? I followed the tip in the Load-Balancing-How-To to set up a "workaround" rule with 127.0.0.1 1-65535 through my default gateway but nothing changed.



  • @hessie:

    Hi !

    FTP connections timeout, though my balancing setup works fine.

    Anyone got an idea ? I followed the tip in the Load-Balancing-How-To to set up a "workaround" rule with 127.0.0.1 1-65535 through my default gateway but nothing changed.

    Known issue.  FTP is not compatible with dual wan or load balancing atm.



  • Whoops, bad thing … :-( I did not knew that before..

    Is it at least possible to use policy based routing here and push all ftp traffic through one interface or will it also not work ?

    Do you know why its not working and are you working on a fix which should come "soon" or could that take longer ?

    Thanks



  • @hessie:

    followed the tip in the Load-Balancing-How-To to set up a "workaround" rule with 127.0.0.1 1-65535 through my default gateway but nothing changed.

    This workaround works fine sending all ftp-traffic to the main WAN. Make sure your rule is on top of all other rules and you use "default" and not WAN as gateway.



  • You can disable the ftp helper and port forward 21 + the data range and it should work fine.  If you have a ftp server that allows the controlling of the data port range, only allow 1000 ports or so to keep the port range small.



  • Thanks the workaround works now, I had it at the last position at the firewall rules which was wrong. I moved it to the top and now everything works as expected.

    Thanks !



  • No problem.  Glad you got it working.



  • Where do i add the ftp rule? I added the rule below, but that rule doesn't work?

    Proto Source Port Destination Port Gateway Description

    TCP/UDP  LAN net  20 - 21  *  20 - 21  *  FTP



  • If you search you'll find the workaround mentioned endless times here at the forum. However, the rule should look like:
    Firewall>rules, Lantab, very top:
    pass, protocol any, source any, destination 127.0.0.1, gateway default

    This is the most easy rule to fix anything that runs on the pfSense itself with loadbalancing/multiwan, not only ftp but natreflection, packages, …



  • Thanks, now it works!!  Is it possible to add this information to the load balancing document? I did not understand the original line in the most recent version of the load balancing document….



  • I edited the section: http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing#FTP.2FNAT-Reflection_Workaround

    Hope this will prevent further confusion.



  • thnx :) i hope that question never comes back again…...



  • It might also be worth noting that pfSense needs to be restarted after implementing this rule for it to fully take affect. At least this was the case with my experience of trying to get FTP working



  • @leimrod:

    It might also be worth noting that pfSense needs to be restarted after implementing this rule for it to fully take affect. At least this was the case with my experience of trying to get FTP working

    Should usually not be needed. I guess it's a state problem if you tried it just before setting up the rule. In that case a diagnostics>states,reset states should fix it.


Log in to reply