On Tue, Jan 6, 2009 at 5:17 PM, Chris Buechler <c...@pfsense.org> wrote: > On Tue, Jan 6, 2009 at 6:43 PM, David Rees <dree...@gmail.com> wrote: >> I recently upgraded a site to 1.2.1 and had some problems with inbound >> FTP afterwards. >> >> In doing my troubleshooting, I noticed that the pftpx daemon never >> starts on the WAN interface - regardless if the "Disable FTP Helper" >> setting. >> >> I looked at the system_start_ftp_helpers function in >> /etc/inc/config.inc, but it doesn't seem to add the WAN interface to >> the array it uses to start the daemons. So the question is - should >> the FTP helper run on the WAN interface, or does it not run on the WAN >> interface by design? > > It's done in filter.inc for WAN interfaces, what you're looking at > there is for outbound client FTP rather than inbound server. If you > have a port forward for TCP 21 it will automatically launch the helper > if it is enabled on that WAN.
Hmm, I'm pretty sure that we had a NAT rule forwarding port 21 to the internal server, but it was a Proxy-ARP IP which would explain why it wasn't getting started - though I'm pretty sure we tried an "Other" VIP. Which brings up another question: If we have to use a CARP IP, what should be entered for the VIP password and group? I thought that CARP IPs were primarily used for setting up high availability between two pfSense boxes... Looking further at the code in filter.inc, looks like there's a number of reasons pftpx might not be getting started. Looks like I'll have to enable debugging to troubleshoot further - how can I do that? Thanks! -Dave --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org