Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense 2.0 RC3 and client FTP

    Scheduled Pinned Locked Moved NAT
    13 Posts 5 Posters 5.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      First of all, you need to allow FTP data traffic, port 21 works only to send cmd.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • B
        bbsoptions
        last edited by

        Oh sorry, i forgot to post it.

        First off all i allowed TCP/UDP from lan net to localhost port 8000 to 8030.
        Then allowed traffic TCP/UDP from lan net to internet ports 20-21 only trough WAN, not OPT1.
        The links i posted before say that i need to disable ftp_helper in WAN and OPT1 and enable in LAN, but 2.0 RC3 doesn´t have this button in Interfaces / LAN or WAN.

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          Ok. Note that active FTP data comunication is started by client with source port 20, not destination port.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • B
            bbsoptions
            last edited by

            I changed to source port 20-21 destination 20-21 and could transfer a little bit of data, but the error still occurs… :( .
            I´m really in trouble with that, because a paying client needs this to keep working. I can have some trouble with that...

            Tks for all.

            Danilo

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              Ok.
              Cmd port 21 (destination)
              Data port 20. Active mode(source)
              Data ports passive mode (destination)

              If you know FTP server ip and you 'trust' this server, enable all outbound ports to it and use passive mode for data transfer.

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • E
                Erny
                last edited by

                dont know if you already try to dissable the ftp proxy on your lan interface, that do the trick for me and allowing me to conect to a ftp server behind pfsense

                cheers!

                1 Reply Last reply Reply Quote 0
                • B
                  bbsoptions
                  last edited by

                  @marcelloc:

                  Cmd port 21 (destination)
                  Data port 20. Active mode(source)
                  Data ports passive mode (destination)

                  Sorry, i didn´t know wath you mean with that  :-\

                  @marcelloc:

                  If you know FTP server ip and you 'trust' this server, enable all outbound ports to it and use passive mode for data transfer.

                  Yes, i trust this ftp server. I just don´t know how to do what you said. About the passive mode, i don´t think it can be done. The client software has the ftp routine inside it, i can´t just change  it.  :(
                  And no, i´m not an ftp expert. I´m not even a pfsense expert, i´m just trying to be.

                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    Take a look át. Google to see how FTP works.

                    FTP Can send files in active or passive mode.

                    Know how protocol works is the first step before creating rules to permit or deny it.

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • C
                      codemarauder
                      last edited by

                      Even I am facing the similar issue.

                      I have a dual WAN setup with failover configuration. There is an application that uses Windows 2k3 FTP.exe to connect to a remote server and download some patches. Microsoft in its all wisdom has done away with PASV mode on FTP.exe and client can not connect to the server in active mode.

                      Passive mode works just fine with filezilla on the same FTP server.

                      I tried running ftp-proxy, but there were no anchors for ftp-proxy, so it couldn't create any firewall rules dynamically.

                      How do I make the client working in active mode itself and how do I debug if kernel ftp helper is working?

                      1 Reply Last reply Reply Quote 0
                      • B
                        bbsoptions
                        last edited by

                        I had to turn off my pfSense box and reactivate a hardware-based router with load balance to avoid problems with this client, but this caused me another problems.  >:(

                        In another box with just one WAN ftp works fine, without modifications. By these days i'll turn it on again, but Google, forums, etc still didn't gave me any idea nor even a light…  :-
                        Very good product, but i'm becoming very frustrated with that.
                        Sorry if i was melancholic, but...

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          You can also buy few hours of paid support.
                          I'm sure it will work.

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • J
                            jimicus
                            last edited by

                            I wonder if you're seeing the same issue that I am? (reported here: http://forum.pfsense.org/index.php/topic,42980.msg222115.html)

                            My workaround was to force outgoing FTP traffic across the default gateway.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.