Don't use external IP for local connections appears broken
|Operating system type:
|Operating system version:
|Windows 2008 Server SP2
This FTP server is accessed in two ways: the internet via NAT, and over a VPN to a second private network. Under 0.9.36 beta, the server is accessible via both Internet and VPN with the following passive mode settings:
Radio Button "Use the following IP:" selected, and the WAN IP from pfSense is entered
Don't use external IP for local connections is checked
Use custom port range is checked
The local subnet of the FTP server is 192.168.xx.xx/23
The local subnet of the VPN accessing the server is 10.xx.xx.xx/24
When upgrading to 0.9.37 beta, the VPN users were unable to connect to the FTP server. It turns out under 0.9.37 beta, using radio button "Default" allowed VPN users to connect, but not Internet users; radio button "Use the following IP:" allowed Internet users to connect, but not VPN users, even with "Don't use external IP for local connections" checked - users on the FTP server's local subnet were able to connect.
By saying VPN users could not connect, I specifically mean "via the FTP server's internal IP address. Those same users could access it using the Internet IP address. It appears the checkbox "Don't use external IP for local connections" no longer considers 10.xx.xx.xx to be a local connection, but does consider local subnet addresses to be local.
Once I downgraded to 0.9.36 beta, simultaneous access was restored for both Internet and VPN users, using the internet and internal IPs respectively.
- http://www.g6ftpserver.com/en/ftptest was used for Internet connectivity testing.
- I have not tested other subnets than the VPN 10.xx.yy.zz range.
- The VPN is maintained by pfSense v1.23.
- VPN users can access other machines on the FTP server's local subnet without issues.