Hi,

first, thanks for your work and hints, but
I have seen the entries in the forum and FAQ, but this does not cover my problem.
I think you have not really understood what I want, or rather I have
not described my problem clearly enough.

Our ftp-server is on a public ip-address (our complete dmz),
so that I have to do no NAT on DMZ interfaces/addresses.
The solution that you have described is only really valid for
private addresses on the DMZ like 192.168.1.24 or so (I think).

         WAN                             DMZ                      LAN
213.135.2.225/28---213.135.2.240/28--192.168.1.0

And therefore I cannot change our public ip addresses
(on the servers), like changing them to private ones, to operate with the known
configuration as described by you and the entries in the forum.

Possibly I think too strangely about the configuration
(this may result from iptables and other config strategies).

I would only like to redirect connects incoming on the WAN/LAN interface for
DMZ-IP 247 port = ftp,
but not all connects on the WAN-IP to port = ftp! This is important because
we would later run a second ftp-server or so... and with the described solution
this is impossible, or I must eventually spend a second virtual ip
from my WAN-NET.

I hope you and the others understand what I would like to get.


thanks for all

regards

michael

2006/9/28, Holger Bauer <[EMAIL PROTECTED]>:
This is extensively covered at the forum and there even is a faq entry at faq.pfsense.com (I think).

However, quick guide:
- Delete all NAT/firewall rules you created for the ftpserver (most likely wrong as it doesn't work) to start over.
- at interfaces>wan enable ftp helper
- at firewall>nat, portforward create a portforward: interface WAN, interface address, port 21, destination <internal ftp server IP>, port 21
- save (note the text in the apply message that it created a rule for the ftp-helper)
- apply

That's it

Holger

        -----Original Message-----
        From: Michael Schuh [mailto:[EMAIL PROTECTED]
        Sent: Thu 28.09.2006 12:28
        To: support@pfsense.com
        Cc:
        Subject: [pfSense Support] Configuration with Public IP DMZ



        Hi,

        I took pfsense into production use yesterday
        (SNAPSHOT from 2006-09-26).
        My configuration is
        wan public.226/28
        DMZ public.241/28
        lan privateip/24

        Now I have the problem that my config for ftp-proxying our ftp-server
        is probably wrong. I can connect to the ftp, but it passes only
        one type of ftp connects (active or passive, I am not sure).

        Let's say our ftp server is on public.247, so I must redirect all
        ftp connects to the ftp-proxy-helper, but I am not sure how.

        I have disabled the automatic nat rules, and also need the right
        rules for outbound ftp sessions.
        At the moment I have configured outbound nat only for
        our privatenet except the DMZ-NET.

        Another question is about /etc/sysctl.conf. I have made
        an entry for proxyarp, while our interconnect disconnects the
        dmz-net if they get no arp addresses (for me this is bullshit, security-leak)
        but it doesn't work otherwise.
        Does /etc/sysctl get mangled or changed by an update? If so, is there
        another possibility to change net.link.ether.inet.proxyall to 1?
        (default 0).

        thanks a lot

        regards

        michael

        ---------------------------------------------------------------------
        To unsubscribe, e-mail: [EMAIL PROTECTED]
        For additional commands, e-mail: [EMAIL PROTECTED]



