Hi,

first, thanks for your work and hints. I have seen the entries in the forum and FAQ, but they do not cover my problem. I think you have not really understood what I want, or rather I have not described my problem clearly enough.

Our FTP server is on a public IP address (our complete DMZ is), so I have to do no NAT on the DMZ interfaces/addresses. The solution that you have described is only really valid for private addresses on the DMZ, like 192.168.1.24 or so (I think).

WAN                 DMZ                LAN
213.135.2.225/28---213.135.2.240/28--192.168.1.0

And therefore I cannot change our public IP addresses (on the servers), like changing them to private ones, to operate with the known configuration as described by you and the entries in the forum.

Possibly I think too strangely about the configuration (this may result from iptables and other config strategies).

I would like to redirect only connections coming in on the WAN/LAN interface for DMZ IP 247, port = ftp, but not all connections on the WAN IP to port = ftp! This is important because we would like to run a second FTP server or so later... and with the described solution this is impossible, or I must eventually spend a second virtual IP from my WAN net.

I hope you and the others understand what I would like to get.

Thanks for all,

regards

michael

2006/9/28, Holger Bauer <[EMAIL PROTECTED]>:
This is extensively covered at the forum and there even is a FAQ entry at faq.pfsense.com (I think). However, quick guide:

- Delete all NAT/firewall rules you created for the FTP server (most likely wrong as it doesn't work) to start over.
- At interfaces>wan, enable the ftp helper.
- At firewall>nat, portforward, create a port forward: interface WAN, interface address, port 21, destination <internal ftp server IP>, port 21.
- Save (note the text in the apply message that it created a rule for the ftp-helper).
- Apply.

That's it.

Holger

-----Original Message-----
From: Michael Schuh [mailto:[EMAIL PROTECTED]
Sent: Thu 28.09.2006 12:28
To: support@pfsense.com
Cc:
Subject: [pfSense Support] Configuration with Public IP DMZ

Hi,

I took pfSense into production use yesterday (SNAPSHOT from 2006-09-26).

My configuration is:

wan public.226/28
DMZ public.241/28
lan privateip/24

Now I have the problem that my config for FTP-proxying our FTP server is probably wrong. I can connect to the FTP server, but it passes only one type of FTP connection (active or passive, I am not sure).

Let's say our FTP server is on public.247, so I must redirect all FTP connections to the ftp-proxy-helper, but I am not sure how. I have disabled the automatic NAT rules, and also need the right rules for outbound FTP sessions. At the moment I have configured outbound NAT only for our private net, except the DMZ net.

Another question is about /etc/sysctl.conf. I have made an entry for proxyarp, because our interconnect disconnects the DMZ net if they get no ARP addresses (for me this is bullshit, a security leak), but it doesn't work otherwise. Does /etc/sysctl get mangled or changed by an update? If so, is there another possibility to change net.link.ether.inet.proxyall to 1? (default 0)
Thanks a lot,

regards

michael

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]