dude if your rule is any any out.. Then pfsense has ZERO to do with your ftp problem.. Again I suggest you read the link I gave you for how ftp works be it active or passive.
And filezilla will for sure give you info.. What was the port or pasv command?? After you authed.. Make sure in filezilla you click on show detailed log..
see the difference
Normal log:
Status: Selected port usually in use by a different protocol.
Status: Resolving address of ftp.sophos.com
Status: Connecting to 195.171.192.29:990…
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
Status: Disconnected from server
Detailed log:
Status: Selected port usually in use by a different protocol.
Status: Resolving address of ftp.sophos.com
Status: Connecting to 195.171.192.29:990...
Status: Connection established, waiting for welcome message...
Response: 220-Sophos FTP service
Response: 220 This is a private system - No anonymous login
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command: USER <snipped>
Response: 331 User <snipped>OK. Password required
Command: PASS **********
Response: 230-User <snipped>has group access to: domain use
Response: 230 OK. Current restricted directory is /
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: UTF8
Response: ESTA
Response: PASV
Response: EPSV
Response: SPSV
Response: 211 End.
Command: OPTS UTF8 ON
Response: 200 OK, UTF-8 enabled
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Data protection level set to "private"
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (195,171,192,29,195,212)
Command: MLSD
Response: 150 Accepted data connection
Response: 226-Options: -a -l
Response: 226 12 matches total
Status: Directory listing of "/" successful
See the PASV command and the response.. So this tells me the IP for client to connect to.. 195.171.192.29 and then the port (195*256)+212 or port 50132
So every time I hit dir refresh it makes a pasv command and the port changes.. And I can see that in pfsense state table.. See attached image.. Now when I try and use active I get different command.. PORT
Now when I use active mode..
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PORT 192,168,9,100,193,127
Response: 500 I won't open a connection to 192.168.9.100 (only to 24.13.x.x)
Error: Failed to retrieve directory listing
What is our problem here!!! My client sent its rfc1918 address.. And since this is a ftps connection the ftp active package can not fix that.. So how would the ftps server connect back to my private address.. And is port (193*256)+127 = 49535 forwarded to me??
So I can change filezilla to use my public IP.. See attached. I then tell it to use specific ports in active, and setup pfsense to forward those to my client.. And bing it works!! If it does not then you need to troubleshoot your port forwarding, is it even getting to your firewall etc.. This is via a ftps connect as you can see from above where the control channel is encrypted and pfsense can not help with any package..
ftppasv.png
correctpublicIP.png
activeftp.png
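The port arithmetic and the private-address check from the post above, as an added example that is not part of the original post: it reads FileZilla detailed-log lines, decodes every PASV reply and PORT command, and flags an active-mode PORT that advertises a private address over an encrypted control channel. The function names and the sample log (assembled from lines quoted in the post) are assumptions made for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple carried by both the PORT command and the 227 reply
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

# Constructed sample: lines copied from the two sessions in the post above
SAMPLE_LOG = """\
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Command: PASV
Response: 227 Entering Passive Mode (195,171,192,29,195,212)
Command: PORT 192,168,9,100,193,127
Response: 500 I won't open a connection to 192.168.9.100 (only to 24.13.x.x)
""".splitlines()

def decode_hostport(text):
    """Return (IPv4Address, port) from an FTP host/port tuple; port = p1*256 + p2."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError(f"no host/port tuple in {text!r}")
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in {text!r}")
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def audit_log(lines):
    """Return one finding per PASV reply or PORT command in a detailed log."""
    findings, tls = [], False
    for line in (l.strip() for l in lines):
        if line.startswith("Response: 234"):       # AUTH TLS accepted
            tls = True
        elif line.startswith("Response: 227"):     # passive: client dials the server
            ip, port = decode_hostport(line)
            findings.append({"mode": "passive", "ip": str(ip), "port": port,
                             "problem": None})
        elif line.startswith("Command: PORT"):     # active: server dials the client
            ip, port = decode_hostport(line)
            problem = None
            if ip.is_private:
                problem = "client advertised a private (non-routable) address"
                if tls:
                    problem += "; control channel is encrypted, so no NAT helper can rewrite it"
            findings.append({"mode": "active", "ip": str(ip), "port": port,
                             "problem": problem})
    return findings

if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f)
```

Any port reported for an active-mode finding is one the firewall has to forward to the client, which is why pinning the client's active port range makes the forward rule manageable.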