FTP proxy And PPTP



  • Hi,

    Should it be possible to set up the "-p" option of pftpx in the interface configuration tab? In fact I'm using a private WAN and a public DMZ (the WAN network is a private network between the ISP router and pfSense to carry the public range to the DMZ).
    So, I NAT (outbound) on the WAN interface all that is coming from LAN to Internet with a public IP (virtual IP of type IP) of my DMZ subnet (I hope you understand when reading that).

    If I enable the FTP proxy, it "generates" traffic with the WAN IP of pfSense (which is private), so I NAT (outbound) on the WAN interface all traffic sourced from the WAN IP with a public VIP. This is working fine.

    The last problem is inside the FTP protocol: the proxy announces its WAN IP in PORT commands… but I want it to announce the VIP I'm NATing with.

    The solution I have found is to modify /etc/inc/config.inc in order to execute the following:
    mwexec("/usr/local/sbin/pftpx -c {$port} -g 8021 -p <my public VIP>");

    I also have the same problem with PPTP (GRE + TCP 1723): by default, rules are generated to allow traffic from any to WAN, but in the case where you have a public DMZ you must allow from any to the DMZ IP (or DMZ CARP IP). I have modified the file /etc/inc/filter.inc with: $pptpdtarget = "<my DMZ CARP public IP>";

    Thank you.


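Added example, not part of the original post and not pfSense or pftpx code: a small check for the symptom described above, run over FTP control-channel lines seen on the WAN side, that decodes the address announced in each PORT command (or 227 passive reply) and flags any that is an RFC 1918 address or differs from the intended public VIP. The function names and all sample addresses are constructed for illustration (203.0.113.10 stands in for the VIP).

```python
import ipaddress
import re

# PORT and the 227 reply both carry h1,h2,h3,h4,p1,p2 (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (IPv4Address, port) announced by a PORT/227 line, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_announcements(lines, expected_vip):
    """Classify every announced endpoint against the expected public VIP."""
    vip = ipaddress.IPv4Address(expected_vip)
    findings = []
    for line in lines:
        parsed = parse_hostport(line)
        if parsed is None:
            continue
        ip, port = parsed
        if ip == vip:
            status = "ok"
        elif any(ip in net for net in RFC1918):
            status = "private"   # remote server cannot connect back to this
        else:
            status = "mismatch"  # routable, but not the address being NATed to
        findings.append((str(ip), port, status))
    return findings

# Constructed sample control-channel lines (not captured traffic).
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,1,2,195,80",
    "PORT 203,0,113,10,195,81",
    "227 Entering Passive Mode (198,51,100,7,19,137)",
]

if __name__ == "__main__":
    for finding in check_announcements(SAMPLE, "203.0.113.10"):
        print(finding)
```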