Netgate Discussion Forum

    Loadbalancing and Outgoing NAT

      sebastianus

      Hi to all!
      (hope this is the correct sub-forum for this question)

      I have a problem with my pfsense:

      I configured my pfSense with a second WAN interface and activated load balancing. All is working fine, except FTP connections.

      Version: 1.2-RC2

      my cfgs:
      LAN: 172.16.1.2/24
      WAN: 81.223.XXX.254/28 GW 81.223.XXX.241 - disable ftp-proxy - block private networks
      DMZ (OPT1): 192.168.1.254/24
      DMZ2 (OPT2): 192.168.128.254/24
      WAN2 (OPT4): 81.223.XXX.222/28 GW 81.223.XXX.209 - disable ftp-proxy

      outbound-nat:
      WAN - 172.16.1.0/24 (my lan-range) - *
      WAN2 - 172.16.1.0/24 - *
      WAN - 192.168.128.0/24 - *
      WAN2 - 192.168.128.0/24 - *
      WAN - 192.168.1.0/24 - * (the DMZ should only use the WAN interface)

      Rules:
      LAN: * GW Loadbalancer
      WAN: only auto-generated rules from nat (port 25, 80, …)
      DMZ: * DMZ net * !LAN net * GW *
      DMZ2: * DMZ2 net * GW Loadbalancer

      If I use the default gateway in LAN or DMZ2, FTP works fine. But if I use the loadbalancer as gateway, I don't get any connection. (netstat shows only syn_sent; it seems that the route back doesn't work)
      FTP from DMZ net works fine (on this interface the gateway is the default one).
      I tried outbound NAT for WAN/WAN2 settings without source-net (*). Then I got an FTP connection, but the UDP connection seems to fail; I get no directory listing (only via pasv mode).

      Another curious thing: if I set the gateway from default to "81.223.XXX.241" (my default gateway), it doesn't work either... only the default gateway works for FTP... why???

      Does anyone have an idea that could help me?

      regards
      sebastianus

        Perry

        2. If you have a restrictive ruleset or are utilizing policy based routing for multiple-wans then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030. IE: allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy based routing.

        http://devwiki.pfsense.org/FTPTroubleShooting

        /Perry
        doc.pfsense.org
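
The rule ordering Perry describes, sketched in plain pf.conf syntax as an added example; it is not part of the original posts and not the ruleset pfSense generates. Interface names and gateway addresses are placeholders, and the sketch assumes FTP control connections from the LAN are redirected to the firewall's local proxy on the quoted 127.0.0.1 ports before filter rules are evaluated.

```pf
# Added illustration; macros below are assumptions, not values from the thread,
# except lan_net, which is the LAN range given in the first post.
lan_if  = "em0"              # hypothetical LAN interface
wan_if  = "em1"              # hypothetical WAN interface
wan2_if = "em2"              # hypothetical WAN2 (OPT4) interface
wan_gw  = "192.0.2.1"        # placeholder gateway (documentation range)
wan2_gw = "198.51.100.1"     # placeholder gateway (documentation range)
lan_net = "172.16.1.0/24"

# 1) Must sit above every policy-routing rule on the LAN tab:
#    allow LAN clients to reach the local FTP proxy ports.
#    There is no route-to here, so the redirected control connection is
#    delivered to the firewall itself instead of being pushed out a WAN gateway.
pass in quick on $lan_if inet proto tcp \
    from $lan_net to 127.0.0.1 port 8000:8030 keep state

# 2) The "GW Loadbalancer" rule: all remaining LAN traffic is forced out
#    through one of the two WAN gateways.
#    With "quick", the first matching rule wins. If this rule came first, the
#    traffic destined for 127.0.0.1 would match "to any" and be routed to a
#    WAN gateway, which matches the SYN_SENT-only symptom in the first post.
pass in quick on $lan_if \
    route-to { ($wan_if $wan_gw), ($wan2_if $wan2_gw) } round-robin \
    inet from $lan_net to any keep state
```

Keeping rule 1 restricted to the LAN subnet as source and 127.0.0.1 ports 8000-8030 as destination avoids opening any other service on the firewall to LAN clients.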

          sebastianus

          oh my god… that did it!!!

          this simple thing took me several hours, very much coffee and much more cigarettes... ;)

          thank you very much!!!!!!

          regards, sebastianus

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.