Ftp issues
-
Hello, I have a couple of servers in a data center sitting behind a pfSense machine on their own private network. When I try to access ftp sites to download tarball packages for my freebsd machine, I receive the following on almost every ftp site.
fetch: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-6.7.tar.bz2: Operation timed out
=> Attempting to fetch from ftp://ftp.fu-berlin.de/unix/misc/pcre/.
fetch: ftp://ftp.fu-berlin.de/unix/misc/pcre/pcre-6.7.tar.bz2: Operation timed out
=> Attempting to fetch from ftp://ftp.tin.org/pub/libs/pcre/.
Now when I try the above ftp sites from my home computer, it works just fine. Also the Windows 2003 machine at the data center behind the pfSense router has the same issue. Any suggestions? Ftp proxy is turned on.
Here is some info I hope helps.
pfctl -s rules|grep ftp
anchor "ftpsesame/" all
anchor "ftpproxy" all
anchor "pftpx/" all
pass in quick on rl0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on rl0 inet proto tcp from any to 127.0.0.1 port = ftp keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on vr0 inet proto tcp from any port = ftp-data to (vr0) port > 49000 user = 62 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
sockstat |grep ftp
proxy pftpx 431 3 tcp4 127.0.0.1:8021 :
proxy pftpx 431 10 dgram (not connected)
proxy pftpx 431 12 tcp4 127.0.0.1:8021 192.168.0.12:63264
proxy pftpx 431 13 tcp4 66.11.117.176:52312 62.243.72.50:21
192.168.0.12 is freebsd
-
Is the FTP proxy turned on, on the LAN interface? Make sure the box that reads disable ftp userland proxy is not checked. If I read what you're saying correctly, you can't access external FTP sites from behind the pfsense box.
-
The FTP proxy is enabled on the LAN interface and WAN interface. I can ftp into these sites without a hitch; however, to get a directory listing or to be able to download a file I must switch ftp into active mode. In passive mode it will just time out.
-
What version of pfsense? Also, instead of fetch, try just ftp sitename and then go through the commands manually to grab the file. When in passive mode you will see output like
227 Entering Passive Mode (68,100,53,135,235,158)
150 Here comes the directory listing.
public_html
226 Directory send OK.
The numbers in parentheses are the IP address and, I assume, port numbers. When I originally had problems with ftp access from outside to a server behind pfsense this was showing my private IP. When I switched to RC3 I had no more problems.
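The passive-mode replies quoted in this thread can be decoded mechanically. The following is an added example, not part of the original post or of pfSense: it parses a 227 reply into address and port, flags a private address in that reply, and goes beyond the post by also handling the 229 (EPSV) form seen later in the thread. The function name `parse_passive_reply`, the `control_peer` parameter and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

# 227 reply (RFC 959): h1,h2,h3,h4,p1,p2 in decimal; port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply (RFC 2428): (<d><d><d>port<d>), no address, only a port.
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line, control_peer=None):
    """Return (host, port, note) for a 227/229 reply, or None for any other line.

    control_peer (hypothetical parameter) is the address the control
    connection was made to; a 229 reply reuses it for the data connection.
    """
    m = PASV_RE.match(line)
    if m:
        nums = [int(n) for n in m.groups()]
        if max(nums) > 255:
            raise ValueError("octet out of range: %r" % line)
        host = ipaddress.ip_address(".".join(map(str, nums[:4])))
        note = "ok"
        if host.is_private:
            # The symptom described in the post: a client outside the NAT
            # cannot open a data connection to this address.
            note = "private address advertised"
        return str(host), nums[4] * 256 + nums[5], note
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range: %r" % line)
        return control_peer, port, "ok"
    return None


SAMPLE = [
    "227 Entering Passive Mode (68,100,53,135,235,158)",   # from the thread
    "229 Entering Extended Passive Mode (|||52473|)",       # from the thread
    "227 Entering Passive Mode (192,168,0,12,195,80)",      # constructed
    "150 Here comes the directory listing.",                # not a passive reply
]

if __name__ == "__main__":
    for reply in SAMPLE:
        print(reply, "->", parse_passive_reply(reply, control_peer="192.0.2.10"))
```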
-
using RC3
bash-2.05b# ftp ftp.csx.cam.ac.uk
Connected to zircon.csx.cam.ac.uk.
220 ProFTPD 1.2.10rc1 Server (University Computing Service ftp server) [zircon.csx.cam.ac.uk]
Name (ftp.csx.cam.ac.uk:reza): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230- UNIVERSITY OF CAMBRIDGE ANONYMOUS FTP SERVER…...
......
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub/software/programming/pcre
250 CWD command successful
ftp> ls
229 Entering Extended Passive Mode (|||52473|)
^C
receive aborted. Waiting for remote to finish abort.
ftp> passive
Passive mode: off; fallback to active mode: off.
ftp> ls
200 EPRT command successful
150 Opening ASCII mode data connection for file list
drwxr-xr-x 2 ph10 ftpstaff 4096 Sep 20 09:09 Contrib
-rw-r--r-- 1 ph10 ph10 2201 Dec 11 2003 Public-Key
drwxr-xr-x 2 ph10 ftpstaff 4096 Oct 5 15:07 Testing
-rw-r--r-- 1 ph10 ftpstaff 261609 Jan 2 2002 pcre-3.9.tar.bz2
......
......
-rw-r--r-- 1 ph10 ph10 280 Jul 5 11:28 pcre-6.7.tar.gz.sig
226 Transfer complete.
ftp>
-
Upgrade to 1.0-RC3e
-
I'm using 1.2rc1 and still having these ftp issues; I simply can't read any ftp directory from my LAN. Any idea?
-
http://wiki.pfsense.com/wikka.php?wakka=FTPTroubleShooting
-
3. Switch to an alternative firewalling system
:(
??? I would not like to do that;
and that wiki page's suggestions didn't work for me…
-
Turn off the ftp helper at interfaces -> LAN.
-
it worked
;D ;D :D :D