FTP Client proxy package with multiple LAN and public VIPs



  • I have pfSense 2.2.1 installed with one WAN interface and two LAN interfaces.
    The WAN network uses a network (/29) of public IP addresses, so I have configured a static IP for the interface and also several VIPs.
    The NAT is configured accordingly, using one VIP for the traffic coming from one LAN and another VIP for the second LAN.

    I installed the ftp-proxy package to solve the issue I had as soon as I upgraded from version 2.1.5 to 2.2, and now the connections in active mode works as expected, but in order to have also the passive mode working I had to specify the source address in the configuration page of the package.
    I tested this with a FTP client in LAN1, specifying as the source address the VIP used for that LAN, and everything works.

    The problem is that the configuration let me use only one source address, regardless of the LAN interface the traffic is coming from. I would like to be able to use a different source address as I do in the NAT configuration, or maybe have multiple interfaces of the ftp proxy running, each with its own configuration.

    With pfSense version 2.1.5 everything was working as expected without any configuration….

    It will be possible to have a setup like this? Or does someone know how can I work this out?

    Thanks
    Luca


  • Rebel Alliance Developer Netgate

    That sort of setup isn't possible currently. It would take a lot more code to allow the proxy to run multiple instances and use separate settings for each one. Probably more than double the code it has now, if not more. It's not likely to happen any time soon, the old style kernel FTP proxy may come back before that would happen.


Log in to reply