[pfSense Support] FTP in a Multi-WAN setup
Greetings list,

We have a number of pfSense boxes out there, usually with two ADSL connections into each. When we first started down the multi-WAN route, there was an issue with FTP, to which someone had rather helpfully posted a workaround on the forum: insert a rule on the LAN interface as follows:

    TCP LAN net * 127.0.0.1 * *

This works around the issue perfectly, provided the following are true:

a) the client trying to access a remote FTP server is on the LAN interface
b) the first WAN interface is up

It does not work on any other interfaces apart from the first LAN interface (even with a similar rule on that interface as follows):

    TCP OPT1 net * 127.0.0.1 * *

Nor does it work if WAN1 is down for whatever reason.

So, a couple of questions for other multi-WAN users if I may:

1) is this workaround still necessary in more recent versions of pfSense (=1.2.3)?
2) if so, is there any way to work around the two limitations above?

Thanks in advance!

Regards,
Chris
--
For full contact details visit http://www.minotaur.it
This email is made from 100% recycled electrons

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FTP in a Multi-WAN setup
On Wed, Sep 30, 2009 at 1:57 PM, Chris Bagnall li...@minotaur.cc wrote:
> Greetings list,
>
> We have a number of pfSense boxes out there, usually with two ADSL connections into each. When we first started down the multi-WAN route, there was an issue with FTP, to which someone had rather helpfully posted a workaround on the forum: insert a rule on the LAN interface as follows:
>
>     TCP LAN net * 127.0.0.1 * *
>
> This works around the issue perfectly, provided the following are true:
>
> a) the client trying to access a remote FTP server is on the LAN interface
> b) the first WAN interface is up
>
> it does not work on any other interfaces apart from the first LAN interface (even with a similar rule on that interface as follows):
>
>     TCP OPT1 net * 127.0.0.1 * *
>
> Nor does it work if WAN1 is down for whatever reason.
>
> So, a couple of questions for other multi-WAN users if I may:
>
> 1) is this workaround still necessary in more recent versions of pfSense (=1.2.3)?

Only 2.0 can help you with this.

> 2) if so, is there any way to work around the two limitations above?
>
> Thanks in advance!
>
> Regards,
> Chris

--
Ermal
Re: [pfSense Support] FTP in a Multi-WAN setup
On 30/09/09 12:57, Chris Bagnall wrote:
> So, a couple of questions for other multi-WAN users if I may:
>
> 1) is this workaround still necessary in more recent versions of pfSense (=1.2.3)?
> 2) if so, is there any way to work around the two limitations above?

use sftp instead? :-P
Re: [pfSense Support] FTP in a Multi-WAN setup
Chris Bagnall wrote:
> it does not work on any other interfaces apart from the first LAN interface (even with a similar rule on that interface as follows):
>
>     TCP OPT1 net * 127.0.0.1 * *

Weird, it works on my every OPTx interface. Are you sure you do not have FTP-helper disabled on OPT interface?

Evgeny
[pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
How come older version *1.2.2* built on Sat Jan 17 17:24:57 EST 2009 has

    This allows packets with ip options to pass otherwise they are blocked by default i.e. with multicast routing/proxing.

in Rules-Edit-Advanced but the latest snapshot *1.2.3-RC3* built on Wed Sep 30 17:10:49 UTC 2009 does not have this feature?

1.2.2 firewall_rules_edit.php line 89:

    /* advanced */
    if (isset($a_filter[$id]['allowopts']))
        $pconfig['allowopts'] = true;
    $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
    $pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];

1.2.3 firewall_rules_edit.php line 9:

    /* advanced */
    $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
    $pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];

Could somebody fix this please or provide the reason why this extremely useful feature was removed?

Thank you!
Evgeny.
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
On Wed, Sep 30, 2009 at 5:17 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
> How come older version *1.2.2* built on Sat Jan 17 17:24:57 EST 2009 has
>
>     This allows packets with ip options to pass otherwise they are blocked by default i.e. with multicast routing/proxing.
>
> in Rules-Edit-Advanced but the latest snapshot *1.2.3-RC3* built on Wed Sep 30 17:10:49 UTC 2009 does not have this feature?

It was never there. Not sure where you're getting that, but it's not in 1.2.2.
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
Chris Buechler wrote:
> On Wed, Sep 30, 2009 at 5:17 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
>> How come older version *1.2.2* built on Sat Jan 17 17:24:57 EST 2009 has
>>
>>     This allows packets with ip options to pass otherwise they are blocked by default i.e. with multicast routing/proxing.
>>
>> in Rules-Edit-Advanced but the latest snapshot *1.2.3-RC3* built on Wed Sep 30 17:10:49 UTC 2009 does not have this feature?
>
> It was never there. Not sure where you're getting that, but it's not in 1.2.2.

May I send you screenshot?
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
On Wed, Sep 30, 2009 at 5:21 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
> May I send you screenshot?

It will not do any good. I just downloaded 1.2.2 from:

ftp://reflection.ncsa.uiuc.edu/pub/pfSense/updates/pfSense-Full-Update-1.2.2.tgz

    [su:~/Desktop/pfSense-Full-Update-1.2.2] sullrich% cd usr/local/www/
    [su:usr/local/www] sullrich% cat firewall_rules_edit.php | grep allowopts
    [su:usr/local/www] sullrich%

That option is not in there. You must have mixed and matched code from 2.0 when you were testing something.

Scott
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
Scott Ullrich wrote:
> On Wed, Sep 30, 2009 at 5:21 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
>> May I send you screenshot?
>
> It will not do any good. I just downloaded 1.2.2 from:
>
> ftp://reflection.ncsa.uiuc.edu/pub/pfSense/updates/pfSense-Full-Update-1.2.2.tgz
>
>     [su:~/Desktop/pfSense-Full-Update-1.2.2] sullrich% cd usr/local/www/
>     [su:usr/local/www] sullrich% cat firewall_rules_edit.php | grep allowopts
>     [su:usr/local/www] sullrich%
>
> That option is not in there. You must have mixed and matched code from 2.0 when you were testing something.
>
> Scott

Well, I am sorry for confusion... but could you please confirm that this is from 2.0 filter.inc, starting at line 1961:

    if ($type == "pass") {
        if (isset($rule['allowopts']))
            $aline['allowopts'] = " allow-opts ";
        if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
            if($rule['protocol'] == "tcp")
                $aline['flags'] = " flags S/SA ";

PS: I must stop playing with pfSense -(((
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
On Wed, Sep 30, 2009 at 5:27 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
> Well, I am sorry for confusion... but could you please confirm that this is from 2.0 filter.inc, starting at line 1961:
>
>     if ($type == "pass") {
>         if (isset($rule['allowopts']))
>             $aline['allowopts'] = " allow-opts ";
>         if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
>             if($rule['protocol'] == "tcp")
>                 $aline['flags'] = " flags S/SA ";

No, I see:

    $cron_item = array();

> PS: I must stop playing with pfSense -(((

Why do you say that?

Scott
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
Scott Ullrich wrote:
> On Wed, Sep 30, 2009 at 5:27 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
>> Well, I am sorry for confusion... but could you please confirm that this is from 2.0 filter.inc, starting at line 1961:
>>
>>     if ($type == "pass") {
>>         if (isset($rule['allowopts']))
>>             $aline['allowopts'] = " allow-opts ";
>>         if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
>>             if($rule['protocol'] == "tcp")
>>                 $aline['flags'] = " flags S/SA ";
>
> No, I see:
>
>     $cron_item = array();
>
>> PS: I must stop playing with pfSense -(((
>
> Why do you say that?
>
> Scott

Because it would be stupid to copy at least two files filter.inc and firewall_rules_edit.php from 2.0 to 1.2.2. And I do not recall I modified this part of these files on any of my test boxes, but I do remember I was happy when I discovered this check-box... Now I am not sure on which version I discovered it first... Mystery...

firewall_rules_edit.php on my 1.2.2 box is 35773 bytes in size. On 2.0 it is 49332.

Ok, maybe I am too tired today. Just note for myself: this check-box is available starting from 2.0.

Thanks anyway and sorry for this mess.
Evgeny.