OMV FTP passive mode behind pfSense cannot connect on MPLS network

  • Hello!
    How are you?


    We have an MPLS network where pfSense controls net access and routes to the other points of this MPLS. It has a public IP on one Ethernet interface (200.x.x.x) and a private IP (10.1.1.1) on the second, and more.
    Behind the pfSense we have OMV FTP configured in passive mode. Inside pfSense there is a NAT for OMV FTP with its port range (50000-60000). Inside our private pfSense net (not the MPLS points) we can access FTP by private IP (10.1.1....), but if we try to connect by public IP (200.x.x.x) from inside our pfSense net, it does not connect. But if someone is outside our pfSense net and outside our MPLS net, the connection works.


    For example: from my house I can connect to the FTP (200.x.x.x) without problem.


    We need it to work inside our pfSense net, because we need the other points in the MPLS to be able to access the OMV FTP.


    OK, OK, OK, you can tell me to go write in the pfSense forum. Yes, I have done it many times and read many times, and have still not fixed it.


    I only want to know if someone has done this configuration, or can help me.


    Thanks for your attention


    Douglas

    Douglas Giovani Oechsler
    Prudentópolis-PR-Brazil

  • In order to connect to a LAN host from another LAN host using the public IP that is being forwarded to that LAN host you must enable NAT reflection in pfsense. See:


    https://doc.pfsense.org/index.…from_my_LAN/OPTx_networks


    If you aren't getting answers in the pfsense forum about this well known topic, you are probably not asking clearly.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Official Post

    subzero - I am sorry friend, I do not understand what you tell me!


    A static host entry in the LAN. For example, a normal DNS query to nytimes.com would give me 170.149.159.130


    Let's say you host the nytimes website on a server in your LAN (192.168.0.20), so you want to access the website from your LAN instead of WAN


    Now add a static entry in the hosts file on a LAN client (/etc/hosts) pointing to the internal IP


    192.168.0.20 nytimes.com


    Now all access to that website from that client will go to the internal LAN IP. The same can be deployed to all LAN clients with a static entry in the router.


    But as @gderf mentioned, it is called NAT reflection in pfsense; in others it is called NAT loopback. It didn't take me more than 30 seconds to find the pfsense documentation pointing to that.

  • In order to connect to a LAN host from another LAN host using the public IP that is being forwarded to that LAN host you must enable NAT reflection in pfsense. See:


    https://doc.pfsense.org/index.…from_my_LAN/OPTx_networks


    If you aren't getting answers in the pfsense forum about this well known topic, you are probably not asking clearly.


    Hey Friends


    Thanks for help.
    Gderf, with your help I fixed it - THANKS. It's working :)


    Subzero, thanks to you too. You always, always want to help us. Thank you.


    Have a GOOD day and good Job


    Douglas

    Douglas Giovani Oechsler
    Prudentópolis-PR-Brazil
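
An added diagnostic example, not code from any poster or from pfSense/OMV: in passive mode the server's `227` reply tells the client which IP and port to use for the data connection, so both must be reachable from where the client sits. The addresses `203.0.113.10` and `10.1.1.50` and the function names are constructed for illustration; the 50000-60000 range is the one given in the first post.

```python
import ipaddress
import re

# RFC 959 PASV reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply; ValueError otherwise."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def check_pasv(reply, control_ip, port_range=(50000, 60000)):
    """Explain why the data connection may fail for a client at control_ip."""
    ip, port = parse_pasv(reply)
    lo, hi = port_range
    findings = []
    if not lo <= port <= hi:
        findings.append("data port %d is outside the forwarded range %d-%d"
                        % (port, lo, hi))
    if ip != ipaddress.ip_address(control_ip):
        findings.append("reply advertises %s but the control connection used %s"
                        % (ip, control_ip))
    return findings

# Constructed sample replies (not captured from the thread's server).
SAMPLES = [
    ("227 Entering Passive Mode (203,0,113,10,214,216).", "203.0.113.10"),
    ("227 Entering Passive Mode (203,0,113,10,195,80).", "10.1.1.50"),
    ("227 Entering Passive Mode (10,1,1,50,156,64).", "10.1.1.50"),
]

if __name__ == "__main__":
    for reply, control_ip in SAMPLES:
        print(control_ip, "->", check_pasv(reply, control_ip) or "ok")
```

In the second sample a client that follows the reply opens its data connection to the advertised public address, so from inside the LAN that connection depends on NAT reflection covering the passive port range as well as the control port.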
