Ftp passiv mode problem with FW Rules

eri--

Try out newer snapshots than this post it should be fixed.

kpa

With the latest snapshot "2.0-BETA1 built on Sun Apr 4 08:35:10 EDT 2010" outbound (from LAN) passive mode ftp seems to be broken, active mode works fine.

It seems that the ftp client is connecting to the WAN address of pfSense instead of the real address of the FTP server for the data connection when passive mode is used, anyone else notice this?

I'm not restricting outbound connections on LAN interface btw.

react

I'm seeing this as well with pfSense-2.0-BETA1-20100406-1034, kpa.

DennisBagley

yep - seeing this on Apr 5 20:35:18 build with pasv to external 3rd party ftp servers

seperately
active does not work for me either - not sure if its because of double nat [ lan->pfsnse->adsl_router(s) ] or just allowing huge fw inbound ports on wan

[ from 8.1 updater run on 8.0 box - still says 8.0 ??? is this right ??? ]

react

I've been running an old alpha for at least 6 months. When was the last build that worked for you guys?

I wonder if this change is implicit:

http://redmine.pfsense.org/repositories/revision/3/53e2d23469c707bf7d66ad680a0b1c422f2e6548

danswartz

I think you probably meant complicit, not implicit :)

react

Perhaps but in either case downgrading to 2.0-BETA1-20100331-1228 looks to have resolved this issue for me.

Does anyone care to file a bug report?

cmb

There is something broken in the FTP proxy since changes last week. Ermal is on vacation this week, he'll fix when he's back next week.

MrHorizontal

On snap 20100409-1808 whenever I try to start an FTP transaction I get a panic. For the record, it may be a conflict with OpenVPN since I'm shunting all data down an OPVN tunnel rather than the WAN…

eri--

Try newer snaps

kpa

Seems to be working again on "2.0-BETA1 built on Tue Apr 13 19:26:36 EDT 2010" snapshot, tested both active and passive mode. I didn't test with restrictive outbound rules on LAN.

Thanks Ermal :)

Guest

Hi guys, I have always problems with the passive, can I ask for some HowTo to pf2.0 or advice set it properly

EDITED

OK it's working without any rules in FW … SNAP from 13th

MrHorizontal

I still have a problem on "2.0-BETA1 built on Wed Apr 14 19:40:01 EDT 2010". Whenever an FTP transaction starts, it's OpenVPN that crashes.

This pf is setup to route through one of 7 OVPN instances…

pf-ftp-ovpn-crash.gif_thumb

eri--

can you please do a 'bt' at that prompt.
Please send me your pf.conf ruleset(mask any addresses that you need to).

limgad

if i understand correctly, passive ftp should now work out of the box.
In my case, it doesn't.
I tried downgrading to 04/13 snap but same thing. Active ftp works, but passive doesn't.

Any hints/ideas to what i might be setting wrong?

xbipin

passive ftp works on my alix running 1st may nanobsd snaps

limgad

Snap from May 1 works.
Thank god! (On my network i'm heavily dependent on ftp)

Thanks for the info xbipin