On Wed, May 27, 2009 at 5:42 PM, Alexandre Biancalana <[email protected]> wrote: > Hi list, > > I have two firewall with 7.2-STABLE, PF and Carp for failover. > > The machine have one physical interface dedicated to two internet > links (from different providers) and using two vlans on top of this > physical interface. Each vlan have one real ip address and a carp > interface with multiple real ip addresses for each vlan. I have three > ftp servers with invalid ip addresses behind the firewall that need to > be accessible from internet. > > Then I configured ftp-proxy in the following way: > > ftp-proxy -a <internal_fw_ip> -b <ftp_external_ip> -p21 -R <ftp_internal_ip> > > When ftp_external_ip is an ip associated to the carp interface, the > ftp connection is unstable, some times the connection is opened, some > times the connection is broken in the middle of list command or before > enter the password. If I start the ftp-proxy command using as > ftp_external_ip the ip associated with the vlan interface everything > works great. > > This machines are in production, so I'm building a lab with virtual > machines to do some experiments and try to reproduce this. > > Did someone had seen something like this before ?
Sure have with pfSense many times. You might want to give this custom pftpx-route port a try that we have. You can start an instance of pftpx for each wan and then it will do the required route-to work. http://www.pfsense.org/~sullrich/ported_software/pftpx_routeto/ Scott _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
