AW: [pfSense Support] Configuration with Public IP DMZ

Thu, 28 Sep 2006 05:03:52 -0700 

This is extensively covered at the forum and there even is a faq entry at 
faq.pfsense.com (I think).
 
However, quick guide:
- Delete all NAT/firewallrules you created for the ftpserver (most likely wrong 
as it doesn't work) to start over.
- at interfaces>wan enable ftp helper
- at firewall>nat, portforward create a portforward: interface WAN, 
interfaceadress, port 21, destination <internal ftp server IP>, port 21
- save (nothe te text in the apply message that it created a rule for the 
ftp-helper
- apply
 
That's it
 
Holger

        -----Ursprüngliche Nachricht----- 
        Von: Michael Schuh [mailto:[EMAIL PROTECTED] 
        Gesendet: Do 28.09.2006 12:28 
        An: support@pfsense.com 
        Cc: 
        Betreff: [pfSense Support] Configuration with Public IP DMZ
        
        

        Hi,
        
        i have pfsense taked yesterday in production use
        (SNAPSHOT from 2006-09-26).
        My configuration is
        wan public.226/28
        DMZ public.241/28
        lan privateip/24
        
        now i have the Problem my config for ftp-proxying our ftp-server
        is probably wrong. i can connect to the ftp, but it passed only
        one type of ftp-connect's (active or passive, be not sure).
        
        i say our ftp.server is on public.247 so i must redirect all
        ftp connects to the ftp-proxy-helper, but i be not sure how.
        
        i have diabled the automatic nat rules, and need also the right
        rules for outboud ftp sessions.
        at the time i have configured outbound nat only for
        our privatenet except the DMZ-NET.
        
        Another question is abount /etc/sysctl.conf. I have made
        an entry for proxyarp, while out interconnect disconnects the
        dmz-nt if they get no arp addresses (for me this is bullshit, 
security-leak)
        but he doesn't work otherwise.
        Get the /etc/sysctl mangled or changes by an update? if so, if there
        another possibility to change net.link.ether.inet.proxyall to 1 ?
        (default 0 ).
        
        thank a lot
        
        regards
        
        michael
        
        ---------------------------------------------------------------------
        To unsubscribe, e-mail: [EMAIL PROTECTED]
        For additional commands, e-mail: [EMAIL PROTECTED]

<<winmail.dat>>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to