What is pftpx?
-
2. I think is my LAN interface is listening. I am right?
ps auwx | grep pftpx |grep -v grep
proxy 742 0.0 0.0 656 420 ?? Ss 3:43PM 0:00.07 /usr/local/sbin/pftpx -c 8021 -g 8021 192.168.0.229
There should be a second line saying :
…
proxy 8180 0.0 0.1 656 444 ?? SNs 1:51PM 0:00.00 /usr/local/sbin/pftpx -f 192.168.1.2 -b 90.5.251.247 -c 21 -g 21
192.168.1.2 -> is my local FTP server.
90.5.251.247 -> is my (current) WAN IP…It's working .... :)
-
Dear All,
This is my current configuration
LAN - Disable FTP Helper - UNCHECKED
DMZ - Disable FTP Helper - Checked
WAN - Disable FTP Helper - CheckedScenario 1:
If i select Disable FTP Helper in LAN, users in LAN will not be able to access to the FTP server in DMZ using Smart FTP program. It have problem listing the folders.Scenario 2:
I have another FTP server in LAN, when access from public, it have problem listing the folders. I had allowed FTP access to the server in the firewall rules. The server is using 1:1 NAT.Any ideas?
-
There was a couple FTP bugs fixed when you do not have a default allow LAN rule installed. Is this the case for you?
-
I define all the rules in LAN interface without using the default rules. In this case i should not have the FTP problem mentioned??
-
If you are not using a default allow all LAN rule then this is a bug and will be fixed in the next coming weeks.
-
Thanks Sullrich.
-
Dear Sullrich,
I had patched my PFsense to 1.0.1-SNAPSHOT-01-24-2007
Referring to FTP discussion in the forum i had configure my PFSENSE as below
WAN & LAN interface - disable the userland FTP proxy application - UNCHECKED
My FTP server connected to LAN interface and using NAT to have its own public address.
In firewall rules:
LAN - server outgoing to any - FTP (21) allow.
WAN - any incoming to FTP server - FTP(21) allow.When i test from public, i am able to FTP to the server public address and authenticate. However unable to transfer data or do listing.
I assume that this latest Snapshot had fixed the bug you mentioned.
-
also be sure wat you are doing. for passive ftp mode you need to map a large amount of tcp ports on your ftp-server and allow this ports to interact with any and cofigure this ports to be used by your ftp server for passive ftp mode. for active ftp mode you no only need to map 21 port to your ftp server, but also allow traffic going from port nr 20 to any from ftp server.
-
The ftphelper usually takes care of all this. You only need port 21 usually and the helper will do the rest.
-
The ftphelper usually takes care of all this. You only need port 21 usually and the helper will do the rest.
but what about multihomed multi-WAN setups? active ftp works only with ftp helper (similar to conntrack_ftp from iptables or not?)
recently i configured my pfsense to serve dual-WAN setup. wan interface works with htp-helper and i disabled ftp helper for opt1 interface and mapped a large amount of tcp ports to the server and it works. server is configured to act with the OPT1 public IP in headers, so ftp-helper on wan interface still can work well, and connections coming from OPT1 are served too. but what to do to work with the third wan connection?
-
FAQ. Multiwan and FTP do not work.
This has been mentioned hundreds of times on the forum and there is even a faq entry at faq.pfsense.com
-
Dual-WAN and ftp works well!!!!
but one and only bug i see is that when somebody connects to my server from WAN (where still work ftp-helper) in my server logs i see only my pfsense lan IP, not ip address of the user from outside :)
-
Dual-WAN and ftp works well!!!!
but one and only bug i see is that when somebody connects to my server from WAN (where still work ftp-helper) in my server logs i see only my pfsense lan IP, not ip address of the user from outside :)
It will always show the pfsense ip in the server logs. Theres no way around that as pftpx is proxying the connections.
-
every WAN interface on my system is serving dedicated ip-networks. it is made for traffic cost economy for users from different local area networks, that didnt have free of charge peering between each other. my question is - is it possible to change ftp-servers headers (containing server IP for data transer) in passive mode based on accesing IP? i would ask this question also on filezilla server forum, but maybe you guys know.
or maybe its possible to get work pfsense and filezilla server alltogether? pfsense would in any way do acknowledge to the ftp server from wich interface connection is coming, some sort of ftp-helper, but server-wide :)
-
every WAN interface on my system is serving dedicated ip-networks. it is made for traffic cost economy for users from different local area networks, that didnt have free of charge peering between each other. my question is - is it possible to change ftp-servers headers (containing server IP for data transer) in passive mode based on accesing IP? i would ask this question also on filezilla server forum, but maybe you guys know.
or maybe its possible to get work pfsense and filezilla server alltogether? pfsense would in any way do acknowledge to the ftp server from wich interface connection is coming, some sort of ftp-helper, but server-wide :)
It is possible, yes, with pftpx-routeto, which is in the pfPorts collection in the tools repo.
Although it would require some effort to bring into our backend.
-
you mean we need to create bounty? :) i found one solution a minute ago, i can setup multiple instances of ftp server, listening to the different ports and fix a multiWAN issue :)
-
you mean we need to create bounty? :) i found one solution a minute ago, i can setup multiple instances of ftp server, listening to the different ports and fix a multiWAN issue :)
Well a bounty sure wouldn't hurt ;)
-
first of all what exctly pftpx-routeto can do?
its time to completely fix a multiwan ftp issue for all pfsense users :)
-
It can route out multiple wans.
-
I tried using smartFTP as the client and tested with both active and passive.
But i am still unable to list the directory. I am able to authenticate to the FTP server.
