Bonded T1 = 2 IP Range on WAN Port

  • I have 2 T1s recently bonded (last week).  They were previously working as separate lines controlled by ISP off of AdTrans.  One is in the 216.x.x.x range and the other is in the 66.x.x.x range.  I have a 1:1 NAT on the 216.x.x.x (4 hosts) and the 66.x.x.x (1 host).  The 216 range is the primary (per ISP) range.  I have VIP on all the Public IPs I am natting 1:1 to our internal server - all services such as SMTP, HTTP, HTTPS, RDP, FTP work on the 216.x.x.x range (no port forwards at all - straight 1:1).  If I put a host on the 66.x.x.x, all services also work EXCEPT FTP.  If I try to connect via command line in DOS to the FTP, my server replies but it does not ls contents - access denied.  Using Internet Explorer, you cannot connect, period, to our FTP Server.  Now, if I move this host to the 216.x.x.x range, it works!  The weird thing is that on 66.x.x.x all other services, HTTP, HTTPS, RDP - work!  So what is it with bonded T1s or in pfSense that I need to change?  BTW, just for grins, the rule on 66.x.x.x was any source port * and destination ANY port * = basically all ports open - and still the FTP piece did not work properly.

    Last but not least, the company actually uses SonicWall 2400 Pro and it exhibits the same type of actually opens for 2-10 minutes, then closes off - I just used pfSense thinking it was the SonicWall.  I have a portable laptop with nothing but pfSense for my testing and verification…now.  (New to this great new firewall!) :D

    The ISP says the Cisco router in front of the firewall is functioning in bridge mode so it just passes traffic through - but I do not feel like the Cisco and its configurations are set correctly or something on their end - just from my testing above and results.

    Any ideas or thoughts?  Thank you.

