Date: Thu, 28 May 2009 15:25:19 -0300 From: Alexandre Biancalana <biancalana@gmail.com> To: Scott Ullrich <sullrich@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Multiple ftp servers behind pf with carp multi-ip Message-ID: <8e10486b0905281125l662e1f98r5b5a68e172d56684@mail.gmail.com> In-Reply-To: <d5992baf0905271512n7a66ad26n91c1a645fd526d3c@mail.gmail.com> References: <8e10486b0905271442j224b37f5nceccaba929a08f8a@mail.gmail.com> <d5992baf0905271512n7a66ad26n91c1a645fd526d3c@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 27, 2009 at 7:12 PM, Scott Ullrich <sullrich@gmail.com> wrote: > On Wed, May 27, 2009 at 5:42 PM, Alexandre Biancalana > <biancalana@gmail.com> wrote: >> Hi list, >> >> I have two firewall with 7.2-STABLE, PF and Carp for failover. >> >> The machine have one physical interface dedicated to two internet >> links (from different providers) and using two vlans on top of this >> physical interface. Each vlan have one real ip address and a carp >> interface with multiple real ip addresses for each vlan. I have three >> ftp servers with invalid ip addresses behind the firewall that need to >> be accessible from internet. >> >> Then I configured ftp-proxy in the following way: >> >> ftp-proxy -a <internal_fw_ip> -b <ftp_external_ip> -p21 -R <ftp_internal= _ip> >> >> When ftp_external_ip is an ip associated to the carp interface, the >> ftp connection is unstable, some times the connection is opened, some >> times the connection is broken in the middle of list command or before >> enter the password. If I start the ftp-proxy command using as >> ftp_external_ip the ip associated with the vlan interface everything >> works great. >> >> This machines are in production, so I'm building a lab with virtual >> machines to do some experiments and try to reproduce this. >> >> Did someone had seen something like this before ? > > Sure have with pfSense many times. =A0 =A0You might want to give this > custom pftpx-route port a try that we have. =A0You can start an instance > of pftpx for each wan and then it will do the required route-to work. > > http://www.pfsense.org/~sullrich/ported_software/pftpx_routeto/ Hi Scott, Thank you for your reply. Against what versions o pftpx this patch can be applied ? I'm running 7.2-STABLE on amd64 and the binary file supplied does not work= . Best Regards, Alexandre Biancalana
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8e10486b0905281125l662e1f98r5b5a68e172d56684>