Connecting with external IP to servers in DMZ
-
Hi
I am redoing the firewall at a school and I can't access the ftp server in the DMZ from the internal network using its external ip. Using the internal ip works fine, so does connecting from outside. There will be a dns, www and another ftp server in the DMZ later on.
Nice "ASCII art":
WAN (192.123.234.224/28)
|
|
PFsense -- DMZ (192.168.2.0/24)
|
|
LAN with several subnets
Current config is 1:1 nat to the ftp server and wan rules to accept ftp ports and a passive port range to the ftp server. Lan network to everywhere and DMZ to everywhere but the lan network. Ftp helper is also disabled on wan and DMZ.
Hope someone has a solution for this :).
-
http://forum.pfsense.org/index.php/topic,7001.0.html
-
http://forum.pfsense.org/index.php/topic,7001.0.html
So basically I need to forward ports and turn on nat reflection? Or did I get it wrong?
-
I don't think NAT reflection will work for ftp but I haven't tried it yet. I would try to use split dns to resolve the internal dmz IP to the lan clients.
-
I just asked a friend that runs an ftp behind pfSense.
He's not using the ftp-helper.
He just forwards port 21 and a range he defined on his server. With this kind of setup he can use reflection on his ftp server.
-
Yes, without the helper it should work.
-
Turned off ftp-helper on all interfaces and added a port forward on the lan interface for ftp port and a passive range and it works great :), thx.
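
Added example, not part of any post in this thread: with the ftp-helper off, nothing rewrites the server's passive-mode reply, so the address and port it advertises have to match what the firewall forwards. The sketch below parses a `227` reply and checks both; the passive range 50000-50100 and the addresses 192.123.234.226 and 192.168.2.10 are assumptions made up for illustration.

```python
import ipaddress
import re

# Assumptions for illustration: the thread names no passive range or host IPs.
PASSIVE_RANGE = range(50000, 50101)               # hypothetical forwarded range
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")  # DMZ subnet from the first post

PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; RFC 959 encodes it as h1,h2,h3,h4,p1,p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def pasv_findings(reply, control_ip):
    """Compare the advertised data endpoint with what the firewall forwards."""
    ip, port = parse_pasv(reply)
    findings = []
    if port not in PASSIVE_RANGE:
        findings.append("port %d is outside the forwarded passive range" % port)
    if ip != ipaddress.ip_address(control_ip):
        where = "DMZ-internal" if ip in DMZ_NET else "unexpected"
        findings.append("server advertises %s address %s, not %s"
                        % (where, ip, control_ip))
    return findings

if __name__ == "__main__":
    external = "192.123.234.226"  # constructed address inside the WAN /28
    samples = [                   # constructed 227 replies
        "227 Entering Passive Mode (192,123,234,226,195,100)",
        "227 Entering Passive Mode (192,168,2,10,195,100)",
        "227 Entering Passive Mode (192,123,234,226,4,1)",
    ]
    for line in samples:
        print(line, "->", pasv_findings(line, external) or "consistent")
```

A DMZ-internal address in the reply is reachable only by clients that can route to the DMZ directly, so a finding of that kind explains a setup that works from the LAN but not from outside.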