DMZ and FTP Out

simonchs

@sullrich:

@simonchs:

Seems this problem still exist in 0.94.10… I can't FTP out even if I disable the ftp-helper for the DMZ (OPT1)...
And I've got the following stats:
self tcp 127.0.0.1:8022 <- 137.189.91.191:21 <- xx.xx.30.100:40899    CLOSED:SYN_SENT

137.189.91.191 is a anonymous FTP that I connect to, xx.xx.30.100 is my server IP under bridged DMZ

Fixed in 0.95+

I've just tried to disable the ftp-helper for LAN and WAN interface too, but still cannot get this work… is there any other setting I need to do?
Thanks.

sullrich

@simonchs:

@sullrich:

@simonchs:

Seems this problem still exist in 0.94.10… I can't FTP out even if I disable the ftp-helper for the DMZ (OPT1)...
And I've got the following stats:
self tcp 127.0.0.1:8022 <- 137.189.91.191:21 <- xx.xx.30.100:40899    CLOSED:SYN_SENT

137.189.91.191 is a anonymous FTP that I connect to, xx.xx.30.100 is my server IP under bridged DMZ

Fixed in 0.95+

Do you still entries like: self tcp 127.0.0.1:8022 ??

I've just tried to disable the ftp-helper for LAN and WAN interface too, but still cannot get this work… is there any other setting I need to do?
Thanks.

simonchs

yup, I still got the

self tcp 127.0.0.1:8022 <- 137.189.91.191:21 <- xx.xx.30.100:40899    CLOSED:SYN_SENT

in "Diagnostics: Show States" when I FTP out in DMZ server.

sullrich

@simonchs:

yup, I still got the

self tcp 127.0.0.1:8022 <- 137.189.91.191:21 <- xx.xx.30.100:40899    CLOSED:SYN_SENT

in "Diagnostics: Show States" when I FTP out in DMZ server.

Then the FTP helper isn't being deactivated.  Did you reboot after making the change?

simonchs

@sullrich:

Then the FTP helper isn't being deactivated.  Did you reboot after making the change?

yes, had to reboot both pfsense and the server after made the change.

simonchs

upgraded to BETA-1, and this problem still existing.

hoba

As you upgraded, can you try again with a fresh install and a from scratch recreated config without importing?

simonchs

problem fixed after upgrade to 1.0-PREBETA2-BUG-VALIDATION-EDITION3
thank you!  ;D

simonchs

oh no…
the problem haven't come out because the new option "Enable Filtering Bridge" was not checked, if I checked this option, the problem come back...

tcp 127.0.0.1:8022 <- ftp.server.ip:21 <- ip.under.opt1:56357 CLOSED:SYN_SENT
tcp 127.0.0.1:8022 <- ftp.server.ip:21 <- ip.under.opt1:56360 CLOSED:SYN_SENT

sullrich

Add the rules to allow ftp to talk to localhost.