What is pftpx?
-
The ftphelper usually takes care of all this. You only need port 21 usually and the helper will do the rest.
-
The ftphelper usually takes care of all this. You only need port 21 usually and the helper will do the rest.
but what about multihomed multi-WAN setups? active ftp works only with ftp helper (similar to conntrack_ftp from iptables or not?)
recently i configured my pfsense to serve dual-WAN setup. wan interface works with htp-helper and i disabled ftp helper for opt1 interface and mapped a large amount of tcp ports to the server and it works. server is configured to act with the OPT1 public IP in headers, so ftp-helper on wan interface still can work well, and connections coming from OPT1 are served too. but what to do to work with the third wan connection?
-
FAQ. Multiwan and FTP do not work.
This has been mentioned hundreds of times on the forum and there is even a faq entry at faq.pfsense.com
-
Dual-WAN and ftp works well!!!!
but one and only bug i see is that when somebody connects to my server from WAN (where still work ftp-helper) in my server logs i see only my pfsense lan IP, not ip address of the user from outside :)
-
Dual-WAN and ftp works well!!!!
but one and only bug i see is that when somebody connects to my server from WAN (where still work ftp-helper) in my server logs i see only my pfsense lan IP, not ip address of the user from outside :)
It will always show the pfsense ip in the server logs. Theres no way around that as pftpx is proxying the connections.
-
every WAN interface on my system is serving dedicated ip-networks. it is made for traffic cost economy for users from different local area networks, that didnt have free of charge peering between each other. my question is - is it possible to change ftp-servers headers (containing server IP for data transer) in passive mode based on accesing IP? i would ask this question also on filezilla server forum, but maybe you guys know.
or maybe its possible to get work pfsense and filezilla server alltogether? pfsense would in any way do acknowledge to the ftp server from wich interface connection is coming, some sort of ftp-helper, but server-wide :)
-
every WAN interface on my system is serving dedicated ip-networks. it is made for traffic cost economy for users from different local area networks, that didnt have free of charge peering between each other. my question is - is it possible to change ftp-servers headers (containing server IP for data transer) in passive mode based on accesing IP? i would ask this question also on filezilla server forum, but maybe you guys know.
or maybe its possible to get work pfsense and filezilla server alltogether? pfsense would in any way do acknowledge to the ftp server from wich interface connection is coming, some sort of ftp-helper, but server-wide :)
It is possible, yes, with pftpx-routeto, which is in the pfPorts collection in the tools repo.
Although it would require some effort to bring into our backend.
-
you mean we need to create bounty? :) i found one solution a minute ago, i can setup multiple instances of ftp server, listening to the different ports and fix a multiWAN issue :)
-
you mean we need to create bounty? :) i found one solution a minute ago, i can setup multiple instances of ftp server, listening to the different ports and fix a multiWAN issue :)
Well a bounty sure wouldn't hurt ;)
-
first of all what exctly pftpx-routeto can do?
its time to completely fix a multiwan ftp issue for all pfsense users :)
-
It can route out multiple wans.
-
I tried using smartFTP as the client and tested with both active and passive.
But i am still unable to list the directory. I am able to authenticate to the FTP server.
-
I had browse throught the forum regarding FTP. These are few doubts i am having
1. I had enable FTP proxy in all interface (WAN, LAN, SYNC and DMZ) in both master and secondary PFsense. However when using following command
# ps waux | grep ftp | grep -v grep
proxy 1270 0.0 0.0 656 420 ?? Ss Mon04PM 0:01.47 /usr/local/sbin/pftpx -c 8021 -g 8021 LAN Interface IP
proxy 52041 0.0 0.0 656 444 ?? Ss 3:41PM 0:00.01 /usr/local/sbin/pftpx -c 8023 -g 8021 SYNC Interface IPI cannot see the other interface WAN and DMZ IP. Any other setting required?
2. In syslog, i am getting this error
pfsense01 pftpx[1269]: #825 server refused connection3. I am using 1:1 nat. Where the server FTP server (sitting in LAN) is NAT to a public IP address and the IP is created as CARP IP in alias too. In WAN rules, i had allow port 21 to this server. I did not used Port Forward as mentioned in forum since I am using 1:1. Is this configuration correct??
As mentioned, external clients from Public Internet are able to authenticate but unable to list the directory using SMART FTP program.
Any ideas??regards
hsiang -
Upgrade to the latest snapshot.
-
I had update both pfsenseA (master) and pfsenseB (Backup) to 1.0.1-SNAPSHOT-02-21-2007
I had enable ftp-proxy (box unchecked) in all LAN, DMZ and WAN interface. But after issue command # ps waux | grep ftp | grep -v grep
I still only obtain pftpx proxy for interface below only
proxy 1290 0.0 0.0 656 416 ?? Ss 9:27AM 0:00.01 /usr/local/sbin/pftpx -c 8021 -g 8021 LAN
proxy 8663 0.0 0.0 656 488 ?? Ss 9:42AM 0:00.01 /usr/local/sbin/pftpx -c 8023 -g 8021 SYNCIn addition, problem became more messy as below:
1. When i connect to one of external remote site. I am able to authenticate but unable to list the directory. ( Response: 425 Can't open data connection. Error: Could not retrieve directory listing).
I tried to disable the LAN or WAN ftp-proxy. But still faced the same error.2. When i tried from internet to ftp to one of my FTP server in LAN. It having the same error too. ( Response: 425 Can't open data connection. Error:Could not retrieve directory listing)
I am using FileZilla to make the ftp connection. It having the same error too when i use command prompt.
-
Anyone can advise me on this…
i had tried my configurations
1. using both passive and active connection in FTP Client - FAILED.
2. enable / disable FTP-helper in LAN and WAN - FAILED.Regards
Hsiang -
dear all,
any advise… really need to up my internal FTP server..
any configuration i missed? -
I have update my pfsense to the latest firmware - 1.0.1-SNAPSHOT-03-08-2007 .
the FTP issue to external had resolve
the only issue now is that external client still unable to list the directory in my Internal FTP server locate in LAN segment.
For all interface i had enable FTP-Proxy..read the documentation, most is doing port forwarding… i am using 1:1 NAT for the FTP server... do i still need to do port forward???
-
I have same problems! FTP Clients from WAN are unable to transfer data or do listing! Thsi is big problem for me cause I have webshoting and many custommers can't use their FTP. I run pfS 1.01 and FTP helper is ON on all interfaces. Please help, is that a bug?
-
Upgrade to a recent snapshot. Lots of ftp-helper related glitches have been fixed.