Passive FTP to server behind NAT fails
-
Bump.
-
Repeatedly bumping your thread is unlikely to help.
-
Nothing else has worked. ::)
Just being the squeaky wheel hoping for some grease.
-
May i suggest you try another ftpd to verify it isen't the ftpd?
Or atleast bring some screenshots for us, of your port configuration. Maybe another point of view might help.
I've ran 3 different linux ftpds in the last 2 weeks, both passive and active mode worked. Tho none on windows.
But i did have to disable FTP helper to get passive working flawless. -
Hmm…I don't have any other OS than Windows to try at this particular site. I can certainly post my config, however.
I've looked around for a bit trying to find where I can disable the FTP helper, but have not found anything in the GUI. I think it used to be in the interface config in 1.2X, but I don't see it. Is it defined elsewhere in the GUI, or do I have to modify files?
![NAT rules.GIF](/public/imported_attachments/1/NAT rules.GIF)
![NAT rules.GIF_thumb](/public/imported_attachments/1/NAT rules.GIF_thumb) -
There are also other free FTP servers for Windows…
-
That use AD for auth as I require?
-
Does it need to have? It is about checking whether FTP in general works…
-
But i did have to disable FTP helper to get passive working flawless.
Can you tell me how you did that?
I can't seem to find the setting in 2.0 perhaps I'm looking in the wrong places ???
-
Yeah, I'm simply not seeing the option to disable it anywhere. I upgraded to the newer FTP 7.5 for IIS, and passive still doesn't work. It would appear that the FTP helper is "helping" by telling all external clients to connect to port 21 instead of the defined port range that is mapped in via NAT and configured on the server to use.
-
Yeah, I'm simply not seeing the option to disable it anywhere. I upgraded to the newer FTP 7.5 for IIS, and passive still doesn't work. It would appear that the FTP helper is "helping" by telling all external clients to connect to port 21 instead of the defined port range that is mapped in via NAT and configured on the server to use.
I'm having the same issue on 2 different boxes
One is the firewall infront of a server (of which one of the server functions is ftp supplied by pure-ftpd running on centos)
The other one is my firewall @ home,
I have issues with a lot of FTP servers and it seems to be caused by this, reconnect and all is well, it's always occurring when you need to open a Pasv connection to the ftp (Such as Doing a MSLD, LIST, PUT, GET.etc)
I seem to recall having issues on pfSense 1.3 but turned the ftp helper off and all was well, can't find that option on 2.0 anywhere though.
-
hello,
same here on the latest. as far as tested with 3 dozens of public/private ftp hosts, every single attempt for the very first PASV conncetion will be blocked by the ftp "HELPER" built into the kernel in 2.0 which can't be disabled unfortunately. so whenever you stuck while getting directory list, disconnect and reconnect again then everything starts working flawlessly 'cos you now have a session out to the server. i must say ftp helper "helps" blocking first PASV attempt while creating outgoing session. also, even PORT(active) doesn't work quite sometimes. same work around, try disconnect/connect, port/pasv several times. very annoying. this happens once in a while since ftp-helper has been built into the kernel.
-
@ermal:
Update to latest snapshot.
I dont have anymore FTP problems with this snapshot.
I'm replying because I see a lot of people having problems with FTP.
I had the same problems as others (passive mode only working at the second attempt) with a snapshot of around 20 september.Good work,
Thank you Ermal -
Huh??? I'm running the Sep. 28th snap, and I've NEVER gotten a passive FTP session to work when the FTP server is behind pfSense's NAT. Are you talking about having the FTP client behind pfSense?
-
Huh??? I'm running the Sep. 28th snap, and I've NEVER gotten a passive FTP session to work when the FTP server is behind pfSense's NAT. Are you talking about having the FTP client behind pfSense?
Yes, sorry for misunderstanding.
I was having problems with a client behind & natted by pfsense connecting to a passive ftp on the internet. Not tested with ftp server behind by pfsense. -
Hi,
is the issue not being able to connect to an ftp server (pasv mode) from inside the local lan ->pfsense-> wan resolved now?
Thanks!
-
That's never been the problem discussed here. The problem has always been an FTP server behind a pfSense NAT, with a client on the pfSense WAN trying to connect to the FTP server passively.
-
I also am trying to get a client working behind PfSense. Same problem as the rest of you here, dies on first passive connection. Using Thu Jan 13 build. Has anyone managed to get this to work?
-
no fix yet that I know of but you can follow any progress here:
http://redmine.pfsense.org/issues/1177
Roy…
-
We all know that the FTP protocol sucks, that there are better alternatives and et cetera, but it is one of those features that simply has to work. No matter what you might think about FTP, forcing every user over to something else or applying a special configuration to every machine does not work toward simplifying one's life.
What kind of bounty would it take to make a solid fix for the ftp helper a priority? I am not loaded but am feeling the need to at least put some money in someone's pocket for all the team has already given us.