Netgate Discussion Forum

    OUTBOUND FTP RULES?

      PedrolmX

      Hello
      I need to connect from my private LAN to an external FTP server. I think it does not support active connection.
      Do I have to set particular rules on my LAN pfSense firewall?
      I tried disabling both userland FTP proxy application in LAN and WAN.
      pfSense 1.2. Thanks in advance!

        Perry

        Let's say you have booted from the livecd with its default values; there really shouldn't be any problem unless the ftp site has a long welcome message.
        http://devwiki.pfsense.org/FTPTroubleShooting
        http://forum.pfsense.org/index.php/topic,7001.0.html

        /Perry
        doc.pfsense.org

          PedrolmX

          The only differences are that I am using squid and squid guard.
          I tried both disabled, but it does not work anyway in passive ftp mode (hangs on ls command).
          I am behind a 3com router and the LAN is configured as:

          dynamic IP by provider on 3COM 3CRWDR101A-75
          192.168.111.254 dmz on 3COM 3CRWDR101A-75

          192.168.111.168 pfsense 1.2 WAN
          10.0.0.2 pfsense 1.2 LAN

          10.0.0.x myLAN

          MY NAT and RULES:

          WAN NAT
          WAN  TCP  3389 (MS RDP)  Server (ext.: 192.168.111.168)  3389 (MS RDP) RDP   
          WAN  TCP  80 (HTTP)        Server (ext.: 192.168.111.168)  80 (HTTP) HTTP   
          WAN  TCP  443 (HTTPS)     Server (ext.: 192.168.111.168)  443 (HTTPS) HTTPS

          LAN rules
          *  LAN net  *  *  *  *     Default LAN -> any

          WAN rules
             TCP  *  *  Server  3389 (MS RDP)  *     NAT Server RDP     
             TCP  *  *  WAN address  543  *     outside pfsense admin PORT 543     
             TCP  *  *  Server  80 (HTTP)  *     NAT Server HTTP     
             TCP  *  *  Server  443 (HTTPS)  *     NAT Server HTTPS

          Active mode works, passive mode no… help...

            fastcon68

            I had a similar problem recently.  My brother was having issues with Netflix and other internet issues.  We found out that he was behind a second firewall.

            DSL - 67.xxx.xxx.xxx internal 192.168.2.1  the internal Router 192.168.2.1 internal network 192.168.1.1

            We ended up bridging the network, I bridged the DSL to the Linksys router.  I took the middle tier out.  That seemed to have resolved most of their issues.

            In a different case I had to do the following:
            On PFSense I created firewall rules to expose my internal network to the DMZ then on the External device.  Then created rules there to allow the traffic through the external router.

            The biggest issue I have is that you now are managing multiple rule sets.  You will need to make sure that you have reservations set or static addresses set for the internal FTP and make sure that they match up on the out firewall rule set.

            RC

              PedrolmX

              :) :) :) :)
              I changed LAN settings on the router (enabled DHCP server) and WAN settings on pfSense (to DHCP client); now it works! GREAT!
              Would like to know what the real problem was … maybe MTU or something on the route?
              Thank you all, guys!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.