FTP in pfSense 2.0
-
IP_PublicWindowsClient --> Internet IP of the client (Windows2k3 and Windows 2k8)
IPFTPLAN --> Local IP (192.168.x.x, where my FTP server is)
IP_PublicFTP --> My public IP
Note: bge0 is LAN
With Windows2K3 (working)
all tcp IPFTPLAN :21 <- IP_PublicFTP:21 <- IP_PublicWindowsClient:2246 ESTABLISHED:ESTABLISHED
all tcp IP_PublicWindowsClient:2246 -> IPFTPLAN :21 ESTABLISHED:ESTABLISHED
bge0 tcp IP_PublicWindowsClient:2250 <- IPFTPLAN :20 FIN_WAIT_2:FIN_WAIT_2
all tcp IPFTPLAN :20 -> IP_PublicFTP:48730 -> IP_PublicWindowsClient:2250 FIN_WAIT_2:FIN_WAIT_2
With Windows2k8 (not working)
pfctl -vss | grep IP_PublicWindowsClient
all tcp IPFTPLAN :21 <- PublicFTP :21 <- PublicWindowsClient:49756 ESTABLISHED:ESTABLISHED
all tcp PublicWindowsClient :49756 -> IPFTPLAN :21 ESTABLISHED:ESTABLISHED
all tcp IPFTPLAN :20 -> PublicFTP:33868 -> PublicWindowsClient :49757 SYN_SENT:CLOSED
Thanks for your help
Edit: No idea, ermal?
-
Test with 2.0RC1 15 Mar.
Same Problem.
-
Can you provide me with traffic captures of when this happens?
It seems strange that the same protocol does not work for different versions of Windows?
-
Hi,
For security reasons and for better debugging, I am sending you XXXX.cap and the log in a private message.
Then of course, the answer should be put here.
Best regards,
-
Am I the only one with an FTP problem?
-
Hi guys, I don't know if it can help in your specific scenarios, but as I fought in the past to get an FTP server working well behind a pfSense box, here is what I learned …
As an old protocol, FTP was not well designed to be NATed. If you use active mode, with a port forward for port 21 (connection) and port 20 (data), it works, not very fast but it works. The thing is that most FTP clients are pre-configured to use passive mode. And the problem we have is that passive mode uses random ports to transmit data. So it's logical that it freezes, as port xxxx, and not 20 or 21, is dropped by the box. In an FTP client GUI like FileZilla, it will show some errors and retry, and transfer and browsing of files will be very slow or will not work.
To fix this, I remembered I used FileZilla FTP server (free, like the client), which allows you to set the port range used for passive connections, and this is very cool because then we just have to NAT this port range (choosing a port range >1024 is better to respect conventions) in pfSense. This way it worked like a charm!
If you have constraints such that you cannot set, on the server side, the passive port range the server will use, and you cannot choose/change the FTP server solution, then you'll have to use a dedicated public IP and do 1:1 NAT.
-
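Added example, not part of any post in this thread: a small Python checker that decodes the data-channel endpoint negotiated on the FTP control connection (PORT, 227 and 229 lines) and reports why it would fail behind a NAT box that forwards only a fixed passive range. The sample lines, the 50000-50100 range and the function names are constructed assumptions for illustration.

```python
import ipaddress
import re

# Constructed control-channel lines (documentation addresses, not from the thread's capture).
SAMPLE = [
    "PORT 203,0,113,7,194,93",
    "227 Entering Passive Mode (192,168,1,10,195,80)",
    "227 Entering Passive Mode (198,51,100,4,4,210)",
    "229 Entering Extended Passive Mode (|||50069|)",
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def data_endpoint(line):
    """Return (mode, ip_or_None, port) for a PORT command or a 227/229 reply, else None."""
    line = line.strip()
    if line.startswith("229"):                # EPSV reply carries only a port
        m = EPSV.search(line)
        return ("passive", None, int(m.group(1))) if m else None
    if line.upper().startswith("PORT") or line.startswith("227"):
        m = SIX.search(line)
        if not m:
            return None
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return None
        mode = "passive" if line.startswith("227") else "active"
        return (mode, ".".join(map(str, n[:4])), n[4] * 256 + n[5])  # port = p1*256 + p2
    return None

def nat_problems(line, pasv_range=(50000, 50100)):
    """Reasons the negotiated data connection would fail across the NAT box."""
    ep = data_endpoint(line)
    if ep is None:
        return ["not a data-channel negotiation line"]
    mode, ip, port = ep
    lo, hi = pasv_range                       # assumed range: set on the server and forwarded
    problems = []
    if ip and any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append(f"{mode}: advertised address {ip} is private (LAN side of the NAT)")
    if mode == "passive" and not lo <= port <= hi:
        problems.append(f"passive: data port {port} is outside forwarded range {lo}-{hi}")
    return problems

if __name__ == "__main__":
    for sample in SAMPLE:
        print(sample, "->", nat_problems(sample) or "ok")
```

Feed it the control-channel lines from a capture or a client debug log; an empty list means the advertised endpoint is consistent with the assumed forwarding setup.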
-
Try Cobian Backup, it's a free and light tool that allows you to set schedules for transferring files to an FTP server.
http://educ.umu.se/~cobian/cobianbackup
-
You can script something with the Windows ftp command line and create a scheduled task, or cron it with the Linux command-line ftp script.
-
Hello to everyone. I've just installed the latest version of pfSense 2 and I'm having the same problem with FTP: I opened ports 20 and 21 with a LAN firewall rule, but I can't connect to external FTP sites. I tried to connect to an FTP site using Firefox and FileZilla; it seems to start the connection but it hangs.
-
I have now updated to the latest version, but the problem persists! Could anyone please help me?
-
Any news about the use of FTP behind pfSense?