This is extensively covered at the forum and there even is a faq entry at faq.pfsense.com (I think). However, quick guide: - Delete all NAT/firewallrules you created for the ftpserver (most likely wrong as it doesn't work) to start over. - at interfaces>wan enable ftp helper - at firewall>nat, portforward create a portforward: interface WAN, interfaceadress, port 21, destination <internal ftp server IP>, port 21 - save (nothe te text in the apply message that it created a rule for the ftp-helper - apply That's it Holger
-----Ursprüngliche Nachricht----- Von: Michael Schuh [mailto:[EMAIL PROTECTED] Gesendet: Do 28.09.2006 12:28 An: support@pfsense.com Cc: Betreff: [pfSense Support] Configuration with Public IP DMZ Hi, i have pfsense taked yesterday in production use (SNAPSHOT from 2006-09-26). My configuration is wan public.226/28 DMZ public.241/28 lan privateip/24 now i have the Problem my config for ftp-proxying our ftp-server is probably wrong. i can connect to the ftp, but it passed only one type of ftp-connect's (active or passive, be not sure). i say our ftp.server is on public.247 so i must redirect all ftp connects to the ftp-proxy-helper, but i be not sure how. i have diabled the automatic nat rules, and need also the right rules for outboud ftp sessions. at the time i have configured outbound nat only for our privatenet except the DMZ-NET. Another question is abount /etc/sysctl.conf. I have made an entry for proxyarp, while out interconnect disconnects the dmz-nt if they get no arp addresses (for me this is bullshit, security-leak) but he doesn't work otherwise. Get the /etc/sysctl mangled or changes by an update? if so, if there another possibility to change net.link.ether.inet.proxyall to 1 ? (default 0 ). thank a lot regards michael --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
<<winmail.dat>>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]