Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP proxy And PPTP

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Juve
      last edited by

      Hi,

      Should it be possible to setup the "-p" option of pftpx in the interface configuration tab ? In fact I'm using private wan and public DMZ (WAN network is a private network between ISP router and pfsense to carry the public range to the DMZ).
      So, I NAT (outbound) on the wan interface all that is coming from lan to Internet with a public IP (virtual IP of type IP) of my DMZ subnet ( I hope you understand when reading that).

      IF I enable the ftp proxy, it "generates" traffic with the WAN IP of pfsense (which is private), so I NAT (outbound) on the WAN interface all traffic sourced from the WAN IP with a public VIP. This is working fine.

      The last problem is inside the FTP protocol, the proxy anounces its WAN IP in PORT commands… but I want him to anounces the VIP I'm nating with.

      The solution I have found is to modify /etc/inc/config.inc in order to execute the following
      mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 -p <my public="" vip="">");

      I have also the same problem with PPTP(GRE+ TCP1723), by default rules are generated to allow traffic from any to WAN but in the case you have a public DMZ you must allow from any to DMZ IP(or DMZ carpIP). I have modified the file /etc/inc/filter.inc with : $pptpdtarget = "<my dmz="" carp="" public="" ip="">";

      Thank you.</my></my>

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.