pfSense - ftp server in DMZ / OPT interface - the userland FTP-Proxy setting
Thursday, August 27, 2009 at 10:25PM
Had some fun setting up an FTP server on an OPT interface on a pfSense router.
On the legacy router setup, we had a Virtual IP for the ftp server. With this setup, we would put in a port forward to the ftp server in the DMZ, and everything would play nice.
With pfSense, you need to tweak some settings to get things happening.
After setting up my virtual IPs, and setting up some WAN rules, we couldn't connect to the ftp server via any interface. Problem turns out to be a combination of using the virt IP (as opposed to the primary IP of the WAN interface as the IP you are using to access ftp from the WAN side), and a little pfSense userland ftp-proxy setting.
I sifted through some pfSense forum entries, and the following links gave me the clues:
http://forum.pfsense.org/index.php/topic,6218.0.html
http://doc.pfsense.org/index.php/FTP_Troubleshooting
So I went through things step by step, and as suggested:
- removed all ftp rules (WAN side) I set up previously
- removed the Virtual IP - I HAD to use the WAN interface primary IP address - the Virtual IP would NOT work - had to make an A record change and notify users of the change
- went to Interfaces -> WAN -> unticked "Disable the userland FTP-Proxy application" (also unticked on the other interfaces)
- this auto created a WAN rule: * * * ext_WAN_IP 21 *
- then added another WAN rule: * * * ftpserver_opt_IP 21 *
- for users in the LAN, I made an internal DNS override for the ftp domain name to point to the ftp server's internal IP address - eg: ftp.blah.com -> 192.168.1.1 (normally on the net, it would point to the WAN interface primary IP address in the A record)
Took a bit of time, but finally sorted it out and now we are back to ftp serving via pfSense!
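A check that can be run after the steps above, as an added example that is not from the original post: FTP passive-mode replies carry the server's address and data port inside the control channel, so a 227 reply that advertises the server's internal address to a WAN-side client shows that nothing on the firewall is rewriting the FTP traffic. The sample replies are constructed, 203.0.113.10 is a placeholder for the WAN primary IP, and the function names are illustrative.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly so the check does not depend on
# how the ipaddress module classifies other reserved ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A 227 reply carries h1,h2,h3,h4,p1,p2: four address octets, two port bytes.
PASV_RE = re.compile(r"\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 Entering Passive Mode' reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    match = PASV_RE.search(reply[3:])
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % reply)
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in: %r" % reply)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def check_pasv(reply, control_peer):
    """Compare the PASV address with the address the client connected to."""
    addr, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if addr == peer:
        return "ok", addr, port
    leaked = any(addr in net for net in RFC1918)
    peer_internal = any(peer in net for net in RFC1918)
    if leaked and not peer_internal:
        return "internal-address-advertised", addr, port
    return "mismatch", addr, port


if __name__ == "__main__":
    # Constructed samples: 203.0.113.10 stands in for the WAN primary IP,
    # 192.168.1.1 is the internal example address used in the post.
    samples = [
        ("227 Entering Passive Mode (192,168,1,1,195,80)", "203.0.113.10"),
        ("227 Entering Passive Mode (203,0,113,10,195,80)", "203.0.113.10"),
        ("227 Entering Passive Mode (192,168,1,1,195,80)", "192.168.1.1"),
    ]
    for reply, peer in samples:
        print(peer, "->", check_pasv(reply, peer))
```

The reply line to feed in is the one an FTP client prints in verbose or debug mode right after it sends PASV; the third sample corresponds to a LAN user reaching the server through the internal DNS override.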



