[Solved] FTP in Dual WAN Multi Homing Configuration

  • EDIT – See 2nd Post for Solution

    First and foremost I would like to say thank you to the PFSense Team. I have used IPcop/Smoothwall and several other firewall and PFSense is definitely a fine piece of work rivaling others. Great work on the installer (nice simple and and straight forward).

    Have been searching on these forums for a little time now and still cannot get plain FTP (as in connect to public server) working.

    I have a completely stock Dual Wan Setup (reinstalled several times just to get a hang of it).

    Load Balancing Pool is setup. NAT is still set to automatic (because i dont know what to do with the manual setup). Under Firewall->Rules->Lan/WAN/OPT1 everything is stock (no changes).

    At the moment i am still using default gateway so that i can access my ftp. In order to activate Dual WAN all I need to do is go to Firewall->Rules->Lan and edit the default rule to use the loadbalance pool for its gateway.

    HOWEVER FTP will not work then.

    Somebody posted the following and it seems to be the key to problem.

    FTP problem solved! Well, simple answear would be much more time saving for me…

    So everyone who need help with FTP issues, here are simple steps to get it work (both passive and active modes works).
    From the web GUI:

    1. Fire Wall -> NAT: add standard FTP rule, in my case:
    WAN      TCP      21 (FTP)      10.1.1.xx (ext.: 212.xx.xx.xx)

    2. Fire Wall -> Rules: Beside the automatic rulles created by pfSense add one more.
    TCP      *      *      8000 - 8020      *  (permitted traffic to on ports 8000-8020)

    3. Interfaces -> LAN: Ensure that the FTP helper box is NOT checked.

    4. Interfaces -> WAN: Ensure that the FTP helper box is NOT checked.

    Knowing this I could save a lot of time, irritation and head acke. I hope this info help other users!


    Step 1 seems to be for a local FTP server (meaning I dont need it so I assume i can skip it)
    Step 2 says Firewall->Rules and thats it. Do we add it under lan or wan or opt1??????

    Do i need Manual NAT enabled under Firewall->NAT->Outbound? If so do I need to add any other rules for simple ftp?

    DelicatePC (We are still learning)

  • Ok after some tinker I have got it to work.

    First everything is stock configuration as per this guide http://doc.pfsense.org/index.php/MultiWanVersion1.2.

    Secondly, no sticky. OPT1 is bound to none. Monitored IPs are the gateways. NAT is at the default (auto). DNS Forwarder is enabled (all three of them). Only rules changed are in the Firewall->Rules->Lane page (all the others are stock). WAN and OPT1 are disabled ftp helper (so the check boxes are checked for them!)

    Then once you have dual wan working but no FTP use this link http://devwiki.pfsense.org/FTPTroubleShooting. I only used the first section (Outgoing Section)

    Below I have Posted my Load balance config as well as the rules.

    Images for those you who dont have an account here:
    Load Balance –http://img89.imageshack.us/img89/2982/loadle7.jpg
    LAN Rules – http://img152.imageshack.us/img152/7739/rulesbj5.jpg

  • I did some testing. While I haven't gotten FTP to work yet at this moment. I found the MultiWAN 1.2 Guide and your setup for Load Balancing -failover- sequence wrong.

    WAN1FailtoWAN2 should have the pools in this sequence WAN, OPT1
    WAN2FailtoWAN1 should have the pools in this sequence OPT1, WAN

    Thanks for your findings.

  • THANKS YOU SAVE ME with de 8000-8030 tip.

Log in to reply