Load balancing and Outgoing NAT
Hi to all!
(hope this is the correct sub-forum for this question)
I have a problem with my pfSense:
I configured my pfSense with a second WAN interface and activated load balancing. All is working fine, except FTP connections.
WAN: 81.223.XXX.254/28 GW 81.223.XXX.241 - disable ftp-proxy - block private networks
DMZ (OPT1): 192.168.1.254/24
DMZ2 (OPT2): 192.168.128.254/24
WAN2 (OPT4): 81.223.XXX.222/28 GW 81.223.XXX.209 - disable ftp-proxy
WAN - 172.16.1.0/24 (my LAN range) - *
WAN2 - 172.16.1.0/24 - *
WAN - 192.168.128.0/24 - *
WAN2 - 192.168.128.0/24 - *
WAN - 192.168.1.0/24 - * (the DMZ should only use the WAN interface)
LAN: * GW Loadbalancer
WAN: only auto-generated rules from nat (port 25, 80, …)
DMZ: * DMZ net * !LAN net * GW *
DMZ2: * DMZ2 net * GW Loadbalancer
If I use the default gateway in LAN or DMZ2, FTP works fine. But if I use the load balancer as gateway, I don't get any connection. (netstat shows only SYN_SENT; it seems the route back doesn't work.)
FTP from the DMZ net works fine (on this interface the gateway is the default one).
I tried, in outbound NAT for WAN/WAN2, settings without source net (*). Then I got an FTP connection, but the UDP connection seems to fail; I get no directory listing (only via PASV mode).
Another curious thing: if I set the gateway from default to "81.223.XXX.241" (my default gateway), it doesn't work either... only the default gateway works for FTP... why???
Anyone have an idea that could help me?
2. If you have a restrictive ruleset or are utilizing policy-based routing for multiple WANs, then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030, i.e. allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy-based routing.
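Why the rule has to sit on top: pfSense evaluates the rules of an interface first-match, so a LAN rule whose gateway is the load balancer catches the FTP control connection that the helper has redirected to 127.0.0.1 and policy-routes it out a WAN instead of delivering it locally. The following is an added illustration, not from this thread or from pfSense itself; the rule model, the client address and the proxy port 8021 (inside the 8000-8030 range the reply names) are all constructed, and it assumes the helper's redirect to 127.0.0.1 has already been applied before filtering.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of first-match filtering on the LAN interface.
# Assumed (not from the thread): the FTP helper has already rewritten the
# destination of a port-21 connection to 127.0.0.1 and a port in 8000-8030.

@dataclass
class Rule:
    src: str        # source network (CIDR)
    dst: str        # destination network (CIDR)
    ports: tuple    # (low, high) inclusive TCP port range, or None for any
    gateway: str    # "default" = normal routing; anything else = route-to gateway

def matches(rule, src_ip, dst_ip, dport):
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.ports is None or rule.ports[0] <= dport <= rule.ports[1]

def first_match(rules, src_ip, dst_ip, dport):
    """Return the gateway chosen by the first matching rule, or 'blocked'."""
    for r in rules:
        if matches(r, src_ip, dst_ip, dport):
            return r.gateway
    return "blocked"

LAN_NET = "172.16.1.0/24"
PROXY_RULE = Rule(LAN_NET, "127.0.0.1/32", (8000, 8030), "default")
LB_RULE = Rule(LAN_NET, "0.0.0.0/0", None, "Loadbalancer")

BROKEN = [LB_RULE]                   # the OP's LAN ruleset: "* GW Loadbalancer" only
WRONG_ORDER = [LB_RULE, PROXY_RULE]  # proxy rule present, but below the route-to rule
FIXED = [PROXY_RULE, LB_RULE]        # proxy rule on top, as the reply advises

def ftp_control_path(rules, client="172.16.1.10", proxy_port=8021):
    # Where does the redirected FTP control connection go? (constructed values)
    return first_match(rules, client, "127.0.0.1", proxy_port)

if __name__ == "__main__":
    for name, rs in [("broken", BROKEN), ("wrong order", WRONG_ORDER), ("fixed", FIXED)]:
        print(f"{name:12s}: FTP control to proxy is routed via {ftp_control_path(rs)}")
    # ordinary traffic still balances across both WANs with the fixed ruleset
    print("fixed, web :", first_match(FIXED, "172.16.1.10", "198.51.100.7", 80))
```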
Oh my god... that did it!!!
This simple thing took me several hours, very much coffee and many more cigarettes... ;)
Thank you very much!!!!!!