OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: Scacht on June 26, 2021, 10:06:08 PM

Title: FTP via WAN IP from local/internal clients
Post by: Scacht on June 26, 2021, 10:06:08 PM
Hi all,

I'm smashing my head against the wall and I'm sure I'm missing something simple. I set up ftpproxy and I want to be able to FTP into a local server via local clients using the WAN interface, so I can use my domains without any fancy DNS work. I can FTP in from outside the LAN easily, and everything works, but when I try a client on the local network, it hangs on "Connection established, waiting for welcome message".

I set up the FTP proxy using the defaults suggested and have the following rules:

Under WAN:
(https://i.imgur.com/al0p5we.png)
NAT:
(https://i.imgur.com/zzBByfK.png)
I can see traffic passing: (https://i.imgur.com/buq1eJV.png)

I'm sure it's something super simple I've overlooked.  Thoughts?
Title: Re: FTP via WAN IP from local/internal clients
Post by: Napsterbater on June 27, 2021, 05:06:20 AM
Use a host override via the DNS server to resolve a domain name to the local IP.
Title: Re: FTP via WAN IP from local/internal clients
Post by: Greelan on June 27, 2021, 06:37:28 AM
Enable NAT reflection?
Title: Re: FTP via WAN IP from local/internal clients
Post by: Scacht on June 27, 2021, 06:48:36 AM
Quote from: Napsterbater on June 27, 2021, 05:06:20 AM
Use a host override via the DNS server to resolve a domain name to the local IP.
I wanted to avoid it, but that's probably the best solution at this point.  Added an override and everything worked immediately inside and outside the network. 
Quote from: Greelan on June 27, 2021, 06:37:28 AM
Enable NAT reflection?
Already have, and tried several variants of the NAT settings.  Currently all 3 NAT reflections are enabled. 

What's frustrating is literally all of my other remote services work except accessing (via WAN IP/DNS) SSH and FTP locally.  My nginx reverse proxy has 0 issues.  I've probably been looking at it too long.

Title: Re: FTP via WAN IP from local/internal clients
Post by: Greelan on June 27, 2021, 07:08:03 AM
What interfaces is SSH listening on?
Title: Re: FTP via WAN IP from local/internal clients
Post by: Napsterbater on June 27, 2021, 07:10:48 AM
Quote from: Scacht on June 27, 2021, 06:48:36 AM
Quote from: Napsterbater on June 27, 2021, 05:06:20 AM
Use a host override via the DNS server to resolve a domain name to the local IP.
I wanted to avoid it, but that's probably the best solution at this point.  Added an override and everything worked immediately inside and outside the network.

Why? It's the best way. Why bounce traffic off the router unnecessarily (if on the same subnet), or why use hacks? (NAT rewrites and mangles packets; it's a hack, especially hairpin/loopback/reflection.)

Host overrides are akin to (and basically are) split-horizon DNS.