Multiple ftp servers behind pf with carp multi-ip

Alexandre Biancalana biancalana at gmail.com
Thu May 28 18:25:21 UTC 2009


On Wed, May 27, 2009 at 7:12 PM, Scott Ullrich <sullrich at gmail.com> wrote:
> On Wed, May 27, 2009 at 5:42 PM, Alexandre Biancalana
> <biancalana at gmail.com> wrote:
>> Hi list,
>>
>> I have two firewalls with 7.2-STABLE, PF and Carp for failover.
>>
>> The machines have one physical interface dedicated to two internet
>> links (from different providers) and using two vlans on top of this
>> physical interface. Each vlan has one real ip address and a carp
>> interface with multiple real ip addresses for each vlan. I have three
>> ftp servers with invalid ip addresses behind the firewall that need to
>> be accessible from internet.
>>
>> Then I configured ftp-proxy in the following way:
>>
>> ftp-proxy -a <internal_fw_ip> -b <ftp_external_ip> -p21 -R <ftp_internal_ip>
>>
>> When ftp_external_ip is an ip associated to the carp interface, the
>> ftp connection is unstable, sometimes the connection is opened, sometimes
>> the connection is broken in the middle of list command or before
>> entering the password. If I start the ftp-proxy command using as
>> ftp_external_ip the ip associated with the vlan interface everything
>> works great.
>>
>> These machines are in production, so I'm building a lab with virtual
>> machines to do some experiments and try to reproduce this.
>>
>> Has anyone seen something like this before?
>
> Sure have with pfSense many times. You might want to give this
> custom pftpx-route port a try that we have.  You can start an instance
> of pftpx for each wan and then it will do the required route-to work.
>
> http://www.pfsense.org/~sullrich/ported_software/pftpx_routeto/

Hi Scott,

 Thank you for your reply.

 Against what versions of pftpx can this patch be applied?
 I'm running 7.2-STABLE on amd64 and the binary file supplied does not work.


 Best Regards,
Alexandre Biancalana

