Dual WAN – FTP?



  • I simply cannot get any FTP applications to work.  They cannot establish a connection.

    I've tried creating forwards/rules etc., to no avail.

    I read that A) FTP is non-functional on a Dual WAN setup.  Doh! – But then B) That there is a work around.

    So apparently some people with Dual WAN's have been able to get it functioning in some capacity.

    I don't need it to utilize load-balancing or any of the sort, of course.  Just a straight pipe.. IE: WAN-LAN-Computer on 21 is fine for my purposes.

    Someone mentioned a sticky with the workaround?  I don't see it.

    Could you guys help me out?

    I will post some rules here:


    Firewall NAT Forward Rules


    
    Firewall: NAT: Port Forward
    
       Port Forward     	   1:1     	   Outbound    
    
    If    Proto    Ext. port range  NAT IP                                Int. port range  Description
    WAN   TCP/UDP  50498            192.168.1.199 (ext.: 68.113.90.164)   50498            Utorrent
    WAN2  TCP/UDP  50498            192.168.1.199 (ext.: 24.178.189.108)  50498            Utorrent_WAN2
    
    

    Firewall Rules for LAN


    
    Firewall: Rules
    
       LAN     	   WAN     	   IPSEC     	   WAN2    
    
    Proto  Source   Port  Destination  Port  Gateway   Schedule  Description
    *      LAN net  *     ! Modems     *     LB - WAN            LAN -> WAN1 + WAN2
    *      LAN net  *     WAN-1        *     *                   LAN ->Wan1 Gateway
    *      LAN net  *     WAN-2        *     WAN2                LAN -> Wan2 Gateway
    *      LAN net  *     *            *     *                   Default LAN -> any
    TCP    LAN net  *     127.0.0.1    *     *                   Workaround-FTP
    
    

    Firewall Rules for WAN1


    
    Firewall: Rules
    
       LAN     	   WAN     	   IPSEC     	   WAN2    
    
    Proto    Source  Port  Destination    Port   Gateway  Schedule  Description
    *        *       *     *              *      *                  Pass ALL
    TCP/UDP  *       *     192.168.1.199  50498  *                  NAT Utorrent
    
    

    Firewall Rules for WAN2


    
    Firewall: Rules
    
       LAN     	   WAN     	   IPSEC     	   WAN2    
    
    Proto    Source  Port  Destination    Port   Gateway  Schedule  Description
    *        *       *     *              *      *                  Pass ALL
    TCP/UDP  *       *     192.168.1.199  50498  *                  NAT Utorrent_WAN2
    
    

    Firewall: Aliases


    
    Firewall: Aliases
    Name    Values                         Description
    Modems  24.178.189.108, 68.113.90.164  Both Internet Ports of the Cable Modems
    WAN-1   68.113.90.164                  Ambit Internet Port
    WAN-2   24.178.189.108                 Webstar IP
    
    

    The 127.0.0.1 is the only new rule I've added and kept – I've tried running Port forwards on both WANs in the NAT section, but it does no good.

    Also of note, I have the FTP helper disabled now on WAN and WAN2, and enabled only on LAN.  (I hear this is the preferred setup for Dual)

    Any help would be of great value to me.

    Using the latest.. 1.2.1Beta

    Thanks,



  • Your FTP rule is AFTER the Default LAN > Any rule. It is never getting hit. Try moving it before the default LAN > Any rule and see if that helps.



  • @dotdash:

    Your FTP rule is AFTER the Default LAN > Any rule. It is never getting hit. Try moving it before the default LAN > Any rule and see if that helps.

    Well doing that exactly didn't solve the problem.

    But..

    I moved the FTP rule – TCP - LAN net * 127.0.0.1 * *

    Before all the rules and it works fine.

    Thank you very much,..

    If you could, can you analyze that, and my rule listings, and tell me why it wasn't being processed, or blocked?

    What about my Load balancing/gateways/default LAN rules were stopping that from allowing the rule to work?

    The rest of the rules work fine with that rule up top,.. just odd.  (Your explanation is simply to help me further understand how pfsense works for future application). :)

    Also, I know FTP isn't supposed to work on Dual WAN/LB -- But upon testing it is running with Both connections -- Utilizing all my bandwidth Up and Down of both Modems if I open enough transfers.

    Thanks!



  • The rules process top down, in order. So the traffic was not processed any more after hitting the first rule it matched. If you put an allow all traffic and then put a rule after it blocking traffic from a specific IP, for example, no traffic would get blocked, because it would match the allow all.
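
Added example (not part of any post in this thread, and not pfSense code): a simplified first-match model of the LAN rules as posted, showing which rule catches TCP traffic to 127.0.0.1 in each of the three orderings tried above. The LAN subnet 192.168.1.0/24 and the source host are assumptions based on the 192.168.1.199 address in the port forwards; the helper names are hypothetical.

```python
import ipaddress

# Constructed from the rule listing in this thread; a simplified model, not pf itself.
MODEMS = {"24.178.189.108", "68.113.90.164"}       # "Modems" alias
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN subnet

# (proto, destination, gateway, description), in the order originally posted
FTP_RULE = ("TCP", "127.0.0.1", "*", "Workaround-FTP")
LAN_RULES = [
    ("*", "!Modems", "LB - WAN", "LAN -> WAN1 + WAN2"),
    ("*", "68.113.90.164", "*", "LAN ->Wan1 Gateway"),     # WAN-1 alias
    ("*", "24.178.189.108", "WAN2", "LAN -> Wan2 Gateway"),  # WAN-2 alias
    ("*", "*", "*", "Default LAN -> any"),
    FTP_RULE,
]

def dst_matches(spec, dst):
    if spec == "*":
        return True
    if spec == "!Modems":
        return dst not in MODEMS
    return dst == spec

def first_match(rules, src, proto, dst):
    """Return the first rule that matches the packet, or None (default deny)."""
    if ipaddress.ip_address(src) not in LAN_NET:
        return None  # every rule on this tab has source "LAN net"
    for rule in rules:
        r_proto, r_dst, _gw, _desc = rule
        if r_proto in ("*", proto) and dst_matches(r_dst, dst):
            return rule  # evaluation stops here; later rules are never consulted
    return None

def move_before(rules, rule, anchor_desc=None):
    """Copy of rules with `rule` moved before the rule described by anchor_desc (top if None)."""
    rest = [r for r in rules if r is not rule]
    idx = 0 if anchor_desc is None else [r[3] for r in rest].index(anchor_desc)
    return rest[:idx] + [rule] + rest[idx:]

def ftp_hit(rules):
    """(description, gateway) of the rule that handles LAN -> 127.0.0.1 over TCP."""
    match = first_match(rules, "192.168.1.199", "TCP", "127.0.0.1")
    return (match[3], match[2])

if __name__ == "__main__":
    print("as posted:          ", ftp_hit(LAN_RULES))
    print("before default rule:", ftp_hit(move_before(LAN_RULES, FTP_RULE, "Default LAN -> any")))
    print("at the top:         ", ftp_hit(move_before(LAN_RULES, FTP_RULE)))
```

In the first two orderings the packet is taken by the "! Modems" rule, because 127.0.0.1 is not one of the modem addresses, so it is handed to the LB - WAN gateway before the Workaround-FTP rule is ever reached.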



  • Hi, look here:

    http://forum.pfsense.org/index.php/topic,4855.0.html

    Could give you a clue…

    Cheers!

