Many topics later on FTP…



  • Two questions / comments on FTP w/pfSense.

    (1)  We know that FTP with 1:1 NAT is a difficult task to accomplish - without hacks.  It requires trick with VIP/port forwarding.  Question is this - I have 5 static ips; 4 of them I plan on using for 1:1 NAT with services other than FTP(HTTP,HTTPS, RDP, etc).  On the 5th public ip I have for use on the FTP service, can I use port forwarding / VIP trick - basically, can I use a combination of 1:1 and port forwarding in my case?

    (2)  How will this type of difficulty with FTP be addressed in 1.3 release?  Basically, will it be easier than current limitations / workarounds?

    I REALLY want to replace my SonicWALLS and WatchGuards!

    Thank you!



  • I would use 1:1 NAT only if you need a really large amount of ports on a server.
    For everything else i'd use normal forwardings.
    For the FTP to work correctly hoba wrote in several placed how to do it right (like here: http://forum.pfsense.org/index.php/topic,8464.msg47487.html#msg47487 ).

    If you use 1:1 NAT you can no longer use the IP for other "normal" forwardings.

    Or is your question if you can use 1:1 NAT for some IP's but normal forwardings for others?
    –> yes.



  • @GruensFroeschli:

    I would use 1:1 NAT only if you need a really large amount of ports on a server.
    For everything else i'd use normal forwardings.
    For the FTP to work correctly hoba wrote in several placed how to do it right (like here: http://forum.pfsense.org/index.php/topic,8464.msg47487.html#msg47487 ).

    If you use 1:1 NAT you can no longer use the IP for other "normal" forwardings.

    Or is your question if you can use 1:1 NAT for some IP's but normal forwardings for others?
    –> yes.

    Are all the FTP problems faced when accessing FTP from Internet?  I did not do anything besides the stock settings and yet, I have no trouble with secured as well as unsecured FTP using an IPSEC connection or PPTP connection over the internet.

    Thanks


Log in to reply