此回流问题解决方法同样适用于pfsense
具体设置
FTP服务配置
1. 进入 Firewall–nat–outbound
2. 为你的内网添加外出规则
Interface: WAN
Source: A.B.C.0/24(内网网段)
Destination.Type: any
3. 做 21 FTP服务映射
inbound rules 1:
Interface: WAN
External address: WAN Address
Protocol: TCP
External port range.from: 21
NAT IP: A.B.C.D1(FTP服务器地址)
Local port: 21
Auto Firewall rule: yes
inbound rules 2:
Interface: LAN
External address: WAN Address
Protocol: TCP
External port range.from: 21
NAT IP: A.B.C.D1(FTP服务器地址)
Local port: 21
outbound rules :
Interface: LAN
Source: A.B.C.0/24(内网网段)
Destination.Type: A.B.C.D1/32(FTP服务器地址)
Policy NAT.Enable: yes
Policy NAT.Protocol:TCP
Policy NAT.from: 21
4. 添加FTP服务被动工作模式NAT(经测试:此项可选 端口范围可以试着修改)
inbound rules 1:
Interface: WAN
External address: WAN Address
Protocol: TCP
External port range.from: 65000
External port range.to: 65100
NAT IP: A.B.C.D1(FTP服务器地址)
Local port: 65000
Auto Firewall rule: yes
inbound rules 2:
Interface: LAN
External address: WAN Address
Protocol: TCP
External port range.from: 65000
External port range.to: 65100
NAT IP: A.B.C.D1(FTP服务器地址)
Local port: 65000
outbound rules :
Interface: LAN
Source: A.B.C.0/24(内网网段)
Destination.Type: A.B.C.D1/32(FTP服务器地址)
Policy NAT.Enable: yes
Policy NAT.Protocol:TCP
Policy NAT.from: 65000
Policy NAT.to: 65100
FTP服务配置结束!
web服务配置
1. 添加WEB(80)端口映射
inbound rules 1:
Interface: WAN
External address: WAN Address
Protocol: TCP
External port range.from: 80
NAT IP: A.B.C.D2(WEB服务器地址)
Local port: 80
Load-balancing: yes
Auto Firewall rule: yes
inbound rules 2:
Interface: LAN
External address: WAN Address
Protocol: TCP
External port range.from: 80
NAT IP: A.B.C.D2(WEB服务器地址)
Local port: 80
Load-balancing: yes
outbound rules :
Interface: LAN
Source: A.B.C.0/24(内网网段)
Destination.Type: A.B.C.D2/32(WEB服务器地址)
Policy NAT.Enable: yes
Policy NAT.Protocol:TCP
Policy NAT.from: 80
WEB配置完成!