Disable FTP proxy for a specific interface


  • Hi all, I have the following setup:

    LAN - Network
    DMZ - with 1 FTP server
    3 WAN connections with 5 valid IP addresses in each one

    If I turn on debugpfftpproxy=0, my LAN clients can connect to the FTP server that is on the DMZ normally, but any internet client could not connect to my FTP server.

    If I turn off ftpproxy (debugpfftpproxy=1), the internet clients could connect to my FTP server normally, but my LAN clients could not connect anymore.

    To help me, the FTP server is hosted on my less reliable link, which is a Tier 3 on my outside route group, and it is hosted on an IP Alias of this link.

    I've created the NAT port forward of ports 20:21 and 4000:4100 and have set up my FTP server to operate in this port range. I've also created the outbound NAT for this server with these ports using static NAT and getting out of my firewall with the correct IP alias as source address, but with the pfftpproxy enabled the server always tries to answer packets using the IP address of the first and more reliable link, which is the tier 1 on my route group and the default gateway of the firewall.

    So I'd like to ask you: is there any way to turn off the pfftpproxy only for this interface and let all the internal LAN users and the outside world connect to my DMZ server without any kind of problem?

    Thanks!

  • Rebel Alliance Developer Netgate

    There isn't a per-interface toggle for the proxy, it's a global value.