4. FTP proxy And PPTP

FTP proxy And PPTP

  • J

    Hi,

    Should it be possible to setup the "-p" option of pftpx in the interface configuration tab ? In fact I'm using private wan and public DMZ (WAN network is a private network between ISP router and pfsense to carry the public range to the DMZ).
    So, I NAT (outbound) on the wan interface all that is coming from lan to Internet with a public IP (virtual IP of type IP) of my DMZ subnet ( I hope you understand when reading that).

    IF I enable the ftp proxy, it "generates" traffic with the WAN IP of pfsense (which is private), so I NAT (outbound) on the WAN interface all traffic sourced from the WAN IP with a public VIP. This is working fine.

    The last problem is inside the FTP protocol, the proxy anounces its WAN IP in PORT commands… but I want him to anounces the VIP I'm nating with.

    The solution I have found is to modify /etc/inc/config.inc in order to execute the following
    mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 -p <my public="" vip="">");

    I have also the same problem with PPTP(GRE+ TCP1723), by default rules are generated to allow traffic from any to WAN but in the case you have a public DMZ you must allow from any to DMZ IP(or DMZ carpIP). I have modified the file /etc/inc/filter.inc with : $pptpdtarget = "<my dmz="" carp="" public="" ip="">";

    Thank you.</my></my>

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy