Feature #3553

closed

Multi Wan FTP Server

Added by Kelsen Cristiano P.de Faria over 11 years ago. Updated about 11 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: FTP Proxy
Target version: -
Start date: 03/28/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

I've read on the forums and on some sites that pfSense (specifically ftp-proxy) cannot handle external connections to internal FTP servers when using a secondary link.
After some research and testing, I believe I have found a solution to the problem.

  • Disable ftp-proxy
    System -> Advanced -> System tunables
    debug.pfftpproxy=1
  • Run a reverse proxy-ftp instance for each WAN.
    ftp-proxy -p 8021 -R internal_ftp_server -P 21 -D7 -v
    ftp-proxy -p 8022 -R internal_ftp_server -P 21 -D7 -v
  • Run an instance of ftp-proxy to LAN
    ftp-proxy -p 8023
  • Add anchors to /etc/inc/filter.inc
    $natrules .= "nat-anchor \"ftp-proxy/*\"\n\n";
    $natrules .= "rdr-anchor \"ftp-proxy/*\"\n";
    $ipfrules .= "\nanchor \"ftp-proxy/*\"\n";
  • Port Forward
    rdr pass on $LAN proto tcp from $LanNet to any port 21 -> 127.0.0.1 port 8023 "Redirect pass outbound ftp to ftp-proxy"
    rdr pass on $WAN1 proto tcp from any to $WAN1address port 21 -> 127.0.0.1 port 8021 "Redirect pass inbound ftp to ftp-proxy"
    rdr pass on $WAN2 proto tcp from any to $WAN2address port 21 -> 127.0.0.1 port 8022 "Redirect pass inbound ftp to ftp-proxy"
  • LAN rule
    pass in on $LAN inet proto tcp from $LanNet to 127.0.0.1 port 8023 flags S/SA keep state label "Pass to ftp-proxy"
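
A consistency check for the layout described above, added here as an example; it is not code from this ticket or from pfSense. It assumes the rdr rules have the form shown in the description without the trailing description strings, and the interface names, addresses and the `audit` and `parse_proxies` helpers are hypothetical.

```python
import re
import shlex

ANCHORS = ('nat-anchor "ftp-proxy/*"', 'rdr-anchor "ftp-proxy/*"', 'anchor "ftp-proxy/*"')
RDR = re.compile(r"^rdr pass on (\S+) .* port 21 -> 127\.0\.0\.1 port (\d+)")

# Constructed sample: interface names and addresses are placeholders.
SAMPLE_RULES = """\
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on em1 proto tcp from 192.168.1.0/24 to any port 21 -> 127.0.0.1 port 8023
rdr pass on em0 proto tcp from any to 198.51.100.1 port 21 -> 127.0.0.1 port 8021
rdr pass on em2 proto tcp from any to 203.0.113.1 port 21 -> 127.0.0.1 port 8022
anchor "ftp-proxy/*"
"""
SAMPLE_CMDS = [
    "ftp-proxy -p 8021 -R 192.168.1.10 -P 21 -D7 -v",
    "ftp-proxy -p 8022 -R 192.168.1.10 -P 21 -D7 -v",
    "ftp-proxy -p 8023",
]

def parse_proxies(cmds):
    """Map each listen port (-p) to True when the instance is reverse mode (-R)."""
    proxies = {}
    for cmd in cmds:
        argv = shlex.split(cmd)
        proxies[int(argv[argv.index("-p") + 1])] = "-R" in argv
    return proxies

def audit(ruleset, cmds, lan_if):
    """Return a list of findings; an empty list means the layout is consistent."""
    lines = [line.strip() for line in ruleset.splitlines()]
    findings = [f"missing anchor: {a}" for a in ANCHORS if a not in lines]
    proxies, used = parse_proxies(cmds), {}
    for m in filter(None, map(RDR.match, lines)):
        iface, port = m.group(1), int(m.group(2))
        if port in used:
            findings.append(f"{iface} shares proxy port {port} with {used[port]}")
        used[port] = iface
        if port not in proxies:
            findings.append(f"{iface}: no ftp-proxy listening on port {port}")
        elif proxies[port] != (iface != lan_if):
            findings.append(f"{iface}: instance on port {port} is in the wrong mode")
    findings += [f"ftp-proxy on port {p} has no rdr rule" for p in sorted(set(proxies) - set(used))]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, SAMPLE_CMDS, lan_if="em1") or "consistent")
```

The check flags two WANs redirected to the same proxy port, a redirect with no listener behind it, a WAN redirect pointing at a non-reverse instance, and a missing anchor.
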
Actions #1

Updated by Chris Buechler about 11 years ago

  • Status changed from New to Rejected

There is an invalid checksum issue at play here that has a separate ticket.
