[WORKS] Ftp server (passive and active) behind pfsense on 1.2-beta
I'm using pfsense "1.2-BETA-1-TESTING-SNAPSHOT-05-24-2007".
I have an FTP server behind pfsense and I cannot reach it from the Internet. I need passive and active connections.
What I have:
ftp-helper is enabled for the WAN interface
NAT rule:
WAN TCP 21 (FTP) 192.168.1.2 21(FTP)
The creation of this NAT rule automatically creates two standard rules in order to accept FTP traffic.
For information, the external address is virtual.
On the system:
# ps auwx | grep pftpx
proxy 4296 0.0 0.0 656 492 ?? Ss 3:34PM 0:00.00 /usr/local/sbin/pftpx -c 8021 -g 8021 192.168.1.254
It's strange because any references to the external or internet addresses and the ports are wrong? Moreover, the IP 192.168.1.254 is the "gateway"…
Any idea?
Thank you in advance.
With the FTP client, I have these errors:
ftp> cd directory
250 CWD command successful.
ftp> ls
227 Entering Passive Mode (192,168,1,2,17,173).
ftp: connect: No route to host
It seems that was a corrected bug: 1263?
Any idea? Thank you in advance.
FAQ. Virtual IPs + FTP are only compatible with CARP type.
OK, thank you for the answer. I'm confused, I haven't seen it in the FAQ :'(
Effectively, the virtual IPs are in Proxy ARP.
For it to work, you must have:
- Virtual IP in CARP mode
- ftp-helper activated on the WAN interface
- A NAT rule from the external IP to the internal IP on the FTP port. The creation of this NAT rule creates two standard rules to accept connections on port 21 to the firewall on the external IP and the internal IP.
Thank you in advance.
I've got one question: is the CARP mode for a virtual interface not only for redundancy?
It can be used as a standalone interface as well (CARP). It simply broadcasts VRRP, which should not be an issue in most cases.
Ok thank you :)
And for IPs in another subnet, we have:
- create an alias with the shell command ifconfig
- use the type "other"
This thread just saved my butt. I'm dropping some search engine glue for any other poor souls:
FTP server doesn't work
FTP server won't work
Publish FTP server
NAT FTP server