Loadbalancing and Outgoing NAT
-
Hi to all!
(hope this is the correct sub-forum for this question)
I have a problem with my pfsense:
I configured my pfsense with a second WAN interface and activated load-balancing. All is working fine, except FTP connections.
Version: 1.2-RC2
my cfgs:
LAN: 172.16.1.2/24
WAN: 81.223.XXX.254/28 GW 81.223.XXX.241 - disable ftp-proxy - block private networks
DMZ (OPT1): 192.168.1.254/24
DMZ2 (OPT2): 192.168.128.254/24
WAN2 (OPT4): 81.223.XXX.222/28 GW 81.223.XXX.209 - disable ftp-proxy

outbound-nat:
WAN - 172.16.1.0/24 (my lan-range) - *
WAN2 - 172.16.1.0/24 - *
WAN - 192.168.128.0/24 - *
WAN2 - 192.168.128.0/24 - *
WAN - 192.168.1.0/24 - * (the DMZ should only use the WAN interface)

Rules:
LAN: * GW Loadbalancer
WAN: only auto-generated rules from nat (port 25, 80, …)
DMZ: * DMZ net * !LAN net * GW *
DMZ2: * DMZ2 net * GW Loadbalancer

If I use the default gateway in LAN or DMZ2, FTP works fine. But if I use the loadbalancer as gateway, I don't get any connection. (netstat shows only syn_sent, seems that the route back doesn't work)
FTP from DMZ net works fine (on this interface the gateway is the default one).
I tried outbound NAT for WAN/WAN2 settings without source-net (*). Then I got an FTP connection, but the udp-connection seems to fail, I get no directory listing (only via pasv mode).

Another curious thing: if I set the gateway from default to "81.223.XXX.241" (my default gateway), it doesn't work either... only the default gateway works for FTP... why???
Does anyone have an idea that could help me?
regards
sebastianus
-
2. If you have a restrictive ruleset or are utilizing policy based routing for multiple-wans then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030. IE: allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy based routing.
http://devwiki.pfsense.org/FTPTroubleShooting
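
Added example, not part of the original posts or of pfSense itself: a small Python model of why the 127.0.0.1 / 8000-8030 rule has to sit above the policy-routing rule. It assumes rules on an interface tab are evaluated top-down with the first match winning, and that a rule with a gateway set forces matching traffic out that gateway, so it never reaches the local FTP helper. The `Rule` class, function names and the client address are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

HELPER_IP = "127.0.0.1"              # from the quoted wiki text
HELPER_PORTS = range(8000, 8031)     # 8000-8030 inclusive

@dataclass
class Rule:
    src: str                   # source network in CIDR form
    dst: str                   # destination network ("0.0.0.0/0" = any)
    ports: Optional[range]     # None = any port
    gateway: Optional[str]     # None = normal routing, else policy routing

    def matches(self, src, dst, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and (self.ports is None or port in self.ports))

def first_match(rules, src, dst, port):
    """Top-down evaluation, first matching rule wins (assumed model)."""
    for index, rule in enumerate(rules):
        if rule.matches(src, dst, port):
            return index, rule
    return None, None

def helper_reachable(rules, client):
    """True only if every helper port hits a rule with no forced gateway."""
    for port in HELPER_PORTS:
        _, rule = first_match(rules, client, HELPER_IP, port)
        if rule is None or rule.gateway is not None:
            return False
    return True

# Constructed rulesets using the LAN range from the thread.
LB = Rule("172.16.1.0/24", "0.0.0.0/0", None, "Loadbalancer")
HELPER = Rule("172.16.1.0/24", "127.0.0.1/32", HELPER_PORTS, None)

BROKEN = [LB]               # LAN tab as posted: * GW Loadbalancer
WRONG_ORDER = [LB, HELPER]  # helper rule exists but is shadowed
FIXED = [HELPER, LB]        # helper rule on top, as the wiki text says

if __name__ == "__main__":
    for name, rules in [("broken", BROKEN), ("wrong order", WRONG_ORDER),
                        ("fixed", FIXED)]:
        ok = helper_reachable(rules, "172.16.1.50")
        print(f"{name:12} helper reachable: {ok}")
```

The same check can be run over an exported rule list to catch a helper rule that exists but sits below a rule with a gateway set.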
-
oh my god… that did it!!!
this simple thing took me several hours, very much coffee and much more cigarettes... ;)
thank you very much!!!!!!
regards, sebastianus