Greetings list,

I've successfully set up pfSense running 2 WAN links. Everything appears to
be running correctly with the exception of FTP, both inbound and outbound.

For background info, both ISPs provide a /29 range which has been correctly
defined under Proxy ARP. Those IPs are then assigned to servers using 1:1
NAT, so each internal server has 2 IPs allocated - one from ISP1 and one
from ISP2. Connecting from outside to SSH on both IPs for each client works
correctly.

One client PC is running an FTP server on the default port (21) with a
passive range of 23580-23590. Ports 21 and 23580-23590 are correctly allowed
under firewall rules on both WAN and OPT1:

TCP     *       *       rhea    21 (FTP)        *       FTP -> rhea
TCP     *       *       rhea    23580 - 23590   *       FTP -> rhea

(rhea is an alias defined as 10.10.0.2, which is where 1:1 NAT points the 2
external IPs to)

Users connecting from outside are able to connect perfectly on ISP1's IP
(WAN), but not on ISP2's IP (OPT1). I have swapped the ISP connections
around and the same is still true, so it is definitely not an ISP-specific
issue.


Outbound FTP (i.e. connecting to servers outside the local network) does not
work at all. Connecting to an FTP server results in the following:

Status: Connecting to ftp.server.com ...
Status: Connected with ftp.server.com. Waiting for welcome message...

The FTP client sits like this until it times out. I have tried multiple FTP
clients from multiple local PCs, in both passive and active modes.

I have tried "FTP userland proxy" both enabled and disabled on WAN and OPT1,
to no avail. I have also tried forcing FTP traffic down one specific ISP's
gateway (thus bypassing the load balancing), but also to no avail.

If anyone has any thoughts on either issue I'd be most grateful.

Regards,

Chris
-- 
C.M. Bagnall, Director, Minotaur I.T. Limited
This email is made from 100% recycled electrons


