FTP problem with loadbalancing (ftp NOT loadbalanced)
-
Hi:
I have a problem with outgoing FTP. I set up load balancing for some protocols (not FTP, SSH, https and rdp) and created a firewall rule to force FTP to go out through one of my WAN connections (the first rule). I don't know why it doesn't work.
If I delete the pools it just works, but when I create it and set up the rules it just stops working.
Any ideas?
FTP helper is disabled on all the interfaces.
-
Screenshot of your rules please.
-
Hi:
Thank you for your answer. I don't know why, it just started working a few minutes ago.
Please Close :)
-
The recommended way for ftp on multiwan is the following:
enable ftp-helper at interface LAN (and any other internal interface)
Create a firewall rule at every internal interface at the very top:
pass, protocol any, destination 127.0.0.1, gateway default
This way ftp will even work with balance anything configs. ftp traffic will go out wan only then.
-
Does FTP support failover?
-
No, ftp is such a broken protocol… It uses several connections on different ports and without the ftp-helper sitting in between it's not possible to determine that all those connections belong to the same ftp-session. Services running at the pfsense itself (like the ftphelper) can't make use of multiwan currently. They'll always use the main WAN.
-
The recommended way for ftp on multiwan is the following:
enable ftp-helper at interface LAN (and any other internal interface)
Create a firewall rule at every internal interface at the very top:
pass, protocol any, destination 127.0.0.1, gateway default
This way ftp will even work with balance anything configs. ftp traffic will go out wan only then.
It still doesn't work for me, I'm getting crazy... any ideas? Screenshots follow:
lan rules:
lan interfaces:
wan interfaces:
wan2 interfaces:
thanks a lot
-
Do not use LAN address and add ports
@http://devwiki.pfsense.org/FTPTroubleShooting:
1. Ensure that the FTP helper is not disabled on Interfaces, LAN
2. If you have a restrictive ruleset or are utilizing policy based routing for multiple-wans then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030. IE: allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy based routing.
3. If you are running windows try turning off the windows firewall
-
Ok, now it works! Thanks a lot
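
The rule-ordering advice in this thread (pass LAN traffic to 127.0.0.1 ports 8000-8030 above any policy-routing rule) can be checked mechanically. The sketch below is an added example, not part of any post and not pfSense code; the `Rule` model, the pool name and the sample rulesets are constructed, and it assumes first-match rule evaluation on the interface.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

HELPER_IP = "127.0.0.1"          # FTP helper address named in the thread
HELPER_PORTS = (8000, 8030)      # helper port range named in the thread

@dataclass
class Rule:                      # hypothetical, simplified model of one LAN rule
    action: str                  # "pass" or "block"
    dst: str                     # destination IP or "any"
    ports: Optional[Tuple[int, int]]  # inclusive range, None = any port
    gateway: str = "default"     # "default" or a gateway/pool name

def matches(rule: Rule, dst: str, port: int) -> bool:
    if rule.dst not in ("any", dst):
        return False
    return rule.ports is None or rule.ports[0] <= port <= rule.ports[1]

def first_match(rules, dst, port):
    """First-match evaluation (assumed): the first matching rule decides."""
    for index, rule in enumerate(rules):
        if matches(rule, dst, port):
            return index, rule
    return None, None            # nothing matched: treated as dropped

def check_ftp_helper(rules) -> List[str]:
    """Report helper ports that are not passed via the default gateway."""
    problems = []
    for port in range(HELPER_PORTS[0], HELPER_PORTS[1] + 1):
        index, rule = first_match(rules, HELPER_IP, port)
        if rule is None:
            problems.append(f"port {port}: no rule matches")
        elif rule.action != "pass":
            problems.append(f"port {port}: blocked by rule {index}")
        elif rule.gateway != "default":
            problems.append(f"port {port}: rule {index} policy-routes to {rule.gateway}")
    return problems

# Constructed rulesets: a balancing rule alone, then with the helper rule on top.
BROKEN = [Rule("pass", "any", None, gateway="balance_pool")]
FIXED = [Rule("pass", HELPER_IP, HELPER_PORTS)] + BROKEN

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        issues = check_ftp_helper(rules)
        print(name, "OK" if not issues else f"{len(issues)} issue(s), e.g. {issues[0]}")
```

A helper rule placed below the balancing rule, or one that covers only part of the port range, is reported the same way as a missing rule.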