RE: [pfSense Support] Multimple WAN ftp server thing.
O I C. So, I read what I could find, and I could use some clearing up: Choose one of the following: 1) FTP incoming or outgoing is impossible with Multi-WAN on either WAN interface 2) FTP is impossible on Multi-WAN incoming, but possible outgoing only through WAN1 3) FTP is impossible on Multi-WAN incoming, but possible outgoing through either WAN (the lb gateway) 4) FTP is possible on Multi-WAN incoming and outgoing only through WAN1 5) FTP is possible on Multi-WAN incoming only through WAN1 and outgoing through either WAN (the lb gateway) Thanks, Dave -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, April 10, 2008 5:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multimple WAN ftp server thing. On 4/10/08, David Cavanaugh [EMAIL PROTECTED] wrote: Hello all and greetings: We've recently switched to pfsense to, among other things, take advantage of the multiple WAN feature. So, we have two interfaces defined thusly: wan ifem0/if mtu/ blockpriv/ media/ mediaopt/ bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype spoofmac/ disableftpproxy/ ipaddr74.x.x.4/ipaddr subnet29/subnet gateway74.x.x.3/gateway /wan opt1 ifsis0/if descrWAN2/descr bridge/ enable/ ipaddr170.x.x.2/ipaddr subnet30/subnet gateway170.x.x.1/gateway spoofmac/ mtu/ /opt1 WAN(WAN) is a T1. OPT1(WAN2) is a DSL. We created a LoadBalance Gateway with WAN and WAN2, as follows: lbpool typegateway/type behaviourfailover/behaviour monitorip/ nameLANLoadBalance/name descLoad Balance LAN/desc port/ serverswan|208.67.217.132/servers serversopt1|208.67.217.132/servers monitor/ /lbpool We have users in the field trying to access an FTP server on the LAN via the OPT1(WAN2) IP address. Without me going any further, is such a thing feasible? Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FTP is not supported on multi-wan. This question comes up every couple months. Search the archives / forum for more information. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Multimple WAN ftp server thing.
Personally I have number 4 setup... It took several days of playing, and to be honest I'm not sure what all was the reason it finally worked. But I have this setup: WAN: Disable the userland FTP-Proxy application CHECKED WAN2: Disable the userland FTP-Proxy application CHECKED WAN3: Disable the userland FTP-Proxy application CHECKED LAN: Disable the userland FTP-Proxy application UNCHECKED LAN2: Disable the userland FTP-Proxy application UNCHECKED I also have a loopback rule set on the LAN and LAN2 (read it somewhere on the forum... and it actually worked) LAN(s) RULE - PROTO:TCP SOURCE:ANY PORT:ANY DESTINATION:127.0.0.1/31 PORT: 8000-8030 GATEWAY:DEFAULT Good luck! And hopefully it works for you! -Original Message- From: David Cavanaugh [mailto:[EMAIL PROTECTED] Sent: Friday, April 11, 2008 10:06 AM To: support@pfsense.com Subject: RE: [pfSense Support] Multimple WAN ftp server thing. O I C. So, I read what I could find, and I could use some clearing up: Choose one of the following: 1) FTP incoming or outgoing is impossible with Multi-WAN on either WAN interface 2) FTP is impossible on Multi-WAN incoming, but possible outgoing only through WAN1 3) FTP is impossible on Multi-WAN incoming, but possible outgoing through either WAN (the lb gateway) 4) FTP is possible on Multi-WAN incoming and outgoing only through WAN1 5) FTP is possible on Multi-WAN incoming only through WAN1 and outgoing through either WAN (the lb gateway) Thanks, Dave -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, April 10, 2008 5:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multimple WAN ftp server thing. On 4/10/08, David Cavanaugh [EMAIL PROTECTED] wrote: Hello all and greetings: We've recently switched to pfsense to, among other things, take advantage of the multiple WAN feature. So, we have two interfaces defined thusly: wan ifem0/if mtu/ blockpriv/ media/ mediaopt/ bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype spoofmac/ disableftpproxy/ ipaddr74.x.x.4/ipaddr subnet29/subnet gateway74.x.x.3/gateway /wan opt1 ifsis0/if descrWAN2/descr bridge/ enable/ ipaddr170.x.x.2/ipaddr subnet30/subnet gateway170.x.x.1/gateway spoofmac/ mtu/ /opt1 WAN(WAN) is a T1. OPT1(WAN2) is a DSL. We created a LoadBalance Gateway with WAN and WAN2, as follows: lbpool typegateway/type behaviourfailover/behaviour monitorip/ nameLANLoadBalance/name descLoad Balance LAN/desc port/ serverswan|208.67.217.132/servers serversopt1|208.67.217.132/servers monitor/ /lbpool We have users in the field trying to access an FTP server on the LAN via the OPT1(WAN2) IP address. Without me going any further, is such a thing feasible? Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FTP is not supported on multi-wan. This question comes up every couple months. Search the archives / forum for more information. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Multimple WAN ftp server thing.
Thanks so far for all the info. But using WebDAV (port 80) instead of FTP would circumvent this limitation, correct? -Original Message- From: Tim Dickson [mailto:[EMAIL PROTECTED] Sent: Friday, April 11, 2008 12:50 PM To: support@pfsense.com Subject: RE: [pfSense Support] Multimple WAN ftp server thing. Personally I have number 4 setup... It took several days of playing, and to be honest I'm not sure what all was the reason it finally worked. But I have this setup: WAN: Disable the userland FTP-Proxy application CHECKED WAN2: Disable the userland FTP-Proxy application CHECKED WAN3: Disable the userland FTP-Proxy application CHECKED LAN: Disable the userland FTP-Proxy application UNCHECKED LAN2: Disable the userland FTP-Proxy application UNCHECKED I also have a loopback rule set on the LAN and LAN2 (read it somewhere on the forum... and it actually worked) LAN(s) RULE - PROTO:TCP SOURCE:ANY PORT:ANY DESTINATION:127.0.0.1/31 PORT: 8000-8030 GATEWAY:DEFAULT Good luck! And hopefully it works for you! -Original Message- From: David Cavanaugh [mailto:[EMAIL PROTECTED] Sent: Friday, April 11, 2008 10:06 AM To: support@pfsense.com Subject: RE: [pfSense Support] Multimple WAN ftp server thing. O I C. So, I read what I could find, and I could use some clearing up: Choose one of the following: 1) FTP incoming or outgoing is impossible with Multi-WAN on either WAN interface 2) FTP is impossible on Multi-WAN incoming, but possible outgoing only through WAN1 3) FTP is impossible on Multi-WAN incoming, but possible outgoing through either WAN (the lb gateway) 4) FTP is possible on Multi-WAN incoming and outgoing only through WAN1 5) FTP is possible on Multi-WAN incoming only through WAN1 and outgoing through either WAN (the lb gateway) Thanks, Dave -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, April 10, 2008 5:09 PM To: support@pfsense.com Subject: Re: [pfSense Support] Multimple WAN ftp server thing. On 4/10/08, David Cavanaugh [EMAIL PROTECTED] wrote: Hello all and greetings: We've recently switched to pfsense to, among other things, take advantage of the multiple WAN feature. So, we have two interfaces defined thusly: wan ifem0/if mtu/ blockpriv/ media/ mediaopt/ bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype spoofmac/ disableftpproxy/ ipaddr74.x.x.4/ipaddr subnet29/subnet gateway74.x.x.3/gateway /wan opt1 ifsis0/if descrWAN2/descr bridge/ enable/ ipaddr170.x.x.2/ipaddr subnet30/subnet gateway170.x.x.1/gateway spoofmac/ mtu/ /opt1 WAN(WAN) is a T1. OPT1(WAN2) is a DSL. We created a LoadBalance Gateway with WAN and WAN2, as follows: lbpool typegateway/type behaviourfailover/behaviour monitorip/ nameLANLoadBalance/name descLoad Balance LAN/desc port/ serverswan|208.67.217.132/servers serversopt1|208.67.217.132/servers monitor/ /lbpool We have users in the field trying to access an FTP server on the LAN via the OPT1(WAN2) IP address. Without me going any further, is such a thing feasible? Thanks, Dave FTP is not supported on multi-wan. This question comes up every couple months. Search the archives / forum for more information. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Multimple WAN ftp server thing.
David Cavanaugh wrote: Thanks so far for all the info. But using WebDAV (port 80) instead of FTP would circumvent this limitation, correct? Correct. Using any file transfer mechanism other than the NAT-b0rk FTP will work around this, including SCP, WebDAV (though that makes me cringe a little given its history of security issues), etc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Multimple WAN ftp server thing.
On 4/10/08, David Cavanaugh [EMAIL PROTECTED] wrote: Hello all and greetings: We've recently switched to pfsense to, among other things, take advantage of the multiple WAN feature. So, we have two interfaces defined thusly: wan ifem0/if mtu/ blockpriv/ media/ mediaopt/ bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype spoofmac/ disableftpproxy/ ipaddr74.x.x.4/ipaddr subnet29/subnet gateway74.x.x.3/gateway /wan opt1 ifsis0/if descrWAN2/descr bridge/ enable/ ipaddr170.x.x.2/ipaddr subnet30/subnet gateway170.x.x.1/gateway spoofmac/ mtu/ /opt1 WAN(WAN) is a T1. OPT1(WAN2) is a DSL. We created a LoadBalance Gateway with WAN and WAN2, as follows: lbpool typegateway/type behaviourfailover/behaviour monitorip/ nameLANLoadBalance/name descLoad Balance LAN/desc port/ serverswan|208.67.217.132/servers serversopt1|208.67.217.132/servers monitor/ /lbpool We have users in the field trying to access an FTP server on the LAN via the OPT1(WAN2) IP address. Without me going any further, is such a thing feasible? Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FTP is not supported on multi-wan. This question comes up every couple months. Search the archives / forum for more information. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
