I am pretty sure this was solved. Are you using an up-to-date system? Run cvs_sync.sh releng_1 if you are on a full installation and please test again.
On 6/6/06, Rajkumar S <[EMAIL PROTECTED]> wrote:
Hi,

I was playing with FTP port forwarding today and noticed that one of the automatic rules inserted by pfSense on the WAN interface is wrong. The offending rule is the one which allows packets hitting the WAN interface. I have taken a couple of screenshots illustrating the problem.

firewall-nat.png shows the NAT rule I have added.
firewall-rules.png shows the automatic rules that are added by pfSense. The red box shows the missing Destination, which is the problem.
firewall-rules-edit.png shows the destination when I edit the rule.

If I change the Destination to Wan Address, NAT works perfectly.

There are also problems with killing and restarting pftpx, i.e. the kill and restart does not always work, but pftpx gets started correctly after a reboot. Unfortunately I am not able to pinpoint the exact conditions to give a correct bug report.

To get an FTP server to work correctly behind a port forward, the NAT rule must be present, the firewall rules must allow FTP connections to the WAN and to the FTP server, and "Disable the userland FTP-Proxy application" must be unticked.

And after a reboot

    ps awux | grep pftpx

must show a running pftpx similar to

    /usr/local/sbin/pftpx -f $ftp_server_ip -b $wan_ip -c 21 -g 21

and

    pfctl -s rules | grep ftp

must show two rules similar to

    pass in quick on $wan_interface inet proto tcp from any to $wan_ip port = ftp flags S/SA keep state label "USER_RULE: Your Label"

and

    pass in quick on $wan_interface inet proto tcp from any to $ftp_server_ip port = ftp keep state label "USER_RULE: Your Label"

I have added this as an FAQ entry.

raj

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
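The three post-reboot conditions listed in the quoted message can be checked in one pass. The script below is an added example, not part of the thread or of pfSense; the function names, the interface name em0, the addresses and the sample rule and process lines are constructed, and the rule with destination "any" is an assumed stand-in for a WAN rule that lacks the WAN address as destination.

```shell
#!/bin/sh
# Added example: verify the conditions from the message against captured
# "pfctl -s rules" and "ps awux" output. All sample values are constructed.

# has_rule RULES IFACE DEST: true if a "pass in quick" FTP rule on IFACE
# names DEST as its destination (trailing space avoids matching ftp-data).
has_rule() {
    printf '%s\n' "$1" | grep -F -- \
        "pass in quick on $2 inet proto tcp from any to $3 port = ftp " >/dev/null
}

# has_pftpx PSOUT FTP_IP WAN_IP: true if pftpx runs with the expected arguments.
has_pftpx() {
    printf '%s\n' "$1" | grep -F -- \
        "/usr/local/sbin/pftpx -f $2 -b $3 -c 21 -g 21" >/dev/null
}

# check_ftp_forward IFACE WAN_IP FTP_IP RULES PSOUT
# Prints one line per failed condition and returns the number of failures.
check_ftp_forward() {
    fails=0
    has_rule "$4" "$1" "$2" || { echo "no WAN rule with destination $2"; fails=$((fails + 1)); }
    has_rule "$4" "$1" "$3" || { echo "no rule with destination $3"; fails=$((fails + 1)); }
    has_pftpx "$5" "$3" "$2" || { echo "pftpx not running with -f $3 -b $2"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: both rules carry the expected destinations.
GOOD_RULES='pass in quick on em0 inet proto tcp from any to 203.0.113.10 port = ftp flags S/SA keep state label "USER_RULE: FTP"
pass in quick on em0 inet proto tcp from any to 192.168.1.20 port = ftp keep state label "USER_RULE: FTP"'

# Constructed sample: the WAN rule does not name the WAN address.
BAD_RULES='pass in quick on em0 inet proto tcp from any to any port = ftp flags S/SA keep state label "USER_RULE: FTP"
pass in quick on em0 inet proto tcp from any to 192.168.1.20 port = ftp keep state label "USER_RULE: FTP"'

# Constructed sample line of "ps awux" output.
SAMPLE_PS='root 412 0.0 0.3 1500 900 ?? Ss 10:01AM 0:00.02 /usr/local/sbin/pftpx -f 192.168.1.20 -b 203.0.113.10 -c 21 -g 21'

# Demo on the constructed data; on a live system pass "$(pfctl -s rules)"
# and "$(ps awux)" as the last two arguments instead.
check_ftp_forward em0 203.0.113.10 192.168.1.20 "$GOOD_RULES" "$SAMPLE_PS" \
    && echo "all three conditions hold"
```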
