Problem with redirection of ftp ports

A

ATitov

Active Member
May 22, 2017
1
0
41
46
Hi
I install Proxmox on server vs external static IP-address.
And then i make two networks.
eth0 - vmbr0 - (100) pfSense - vmbr1 - (101) FreeNAS
auto eth0
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 80.XXX.XXX.XXX
netmask 255.255.255.0
gateway 80.XXX.XXX.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
# post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j NAT --to 10.0.2.16:21
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 21 -j NAT --to 10.0.2.16:21

auto vmbr1
iface vmbr1 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
# post-up echo 1 > /proc/sys/net/ipv4/ip_forward

All experiments ws iptables i do after read forums... But its not work :(

On vm (100) pfSense i have 2 interfaces:
WAN -> em0 -> 10.0.2.16/24
LAN -> em1 -> 10.10.10.254/24

On vm (101) FreeNAS only one interface%
10.10.10.100/24

From NAS internet work and i can download and upload files.

On pfSanse i make rules:
TCP/UDP * to destination 10.10.10.100 : 20
TCP/UDP * to destination 10.10.10.100 : 21
And on NAT PortForward:
TCP/UDP WAN 20 to 10.10.10.100 : 20
TCP/UDP WAN 21 to 10.10.10.100 : 21

But its all not work...
I cannot connect to ftp. And I don`t see in logs any errors...
 
ATitov said:
Hi
I install Proxmox on server vs external static IP-address.
And then i make two networks.
eth0 - vmbr0 - (100) pfSense - vmbr1 - (101) FreeNAS
auto eth0
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 80.XXX.XXX.XXX
netmask 255.255.255.0
gateway 80.XXX.XXX.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
# post-up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j NAT --to 10.0.2.16:21
post-down iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 21 -j NAT --to 10.0.2.16:21

auto vmbr1
iface vmbr1 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
# post-up echo 1 > /proc/sys/net/ipv4/ip_forward

All experiments ws iptables i do after read forums... But its not work :(

On vm (100) pfSense i have 2 interfaces:
WAN -> em0 -> 10.0.2.16/24
LAN -> em1 -> 10.10.10.254/24

On vm (101) FreeNAS only one interface%
10.10.10.100/24

From NAS internet work and i can download and upload files.

On pfSanse i make rules:
TCP/UDP * to destination 10.10.10.100 : 20
TCP/UDP * to destination 10.10.10.100 : 21
And on NAT PortForward:
TCP/UDP WAN 20 to 10.10.10.100 : 20
TCP/UDP WAN 21 to 10.10.10.100 : 21
Click to expand...

AFAICS you use the qemu-kvm built-in NAT - it has a lot of restrictions and will lead to unexpected results when combining it with iptables etc. Make a new bridge (e.g. vmbr2) for 10.0.2.0/24 and define your own DHCP / NAT in Proxmox host.
 
Quick answer: Abandon FTP. It's dead for decades. Please use SFTP.

Longer answer:
In Linux: To get active FTP working over NAT, you often need the conntrack kernel modules for that as well. I' unfamiliar with pfSense, but there might be some similar setting you need to enable. Maybe you need to get dirty and use tcpdump on your client, your firewall and your server to look for clues what works and what does not. You can also switch to passive mode for FTP and test if that helps.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back