PfSense 2.0 RC3 and client FTP
-
Ok. Note that active FTP data comunication is started by client with source port 20, not destination port.
-
I changed to source port 20-21 destination 20-21 and could transfer a little bit of data, but the error still occurs… :( .
I´m really in trouble with that, because a paying client needs this to keep working. I can have some trouble with that...Tks for all.
Danilo
-
Ok.
Cmd port 21 (destination)
Data port 20. Active mode(source)
Data ports passive mode (destination)If you know FTP server ip and you 'trust' this server, enable all outbound ports to it and use passive mode for data transfer.
-
dont know if you already try to dissable the ftp proxy on your lan interface, that do the trick for me and allowing me to conect to a ftp server behind pfsense
cheers!
-
Cmd port 21 (destination)
Data port 20. Active mode(source)
Data ports passive mode (destination)Sorry, i didn´t know wath you mean with that :-\
If you know FTP server ip and you 'trust' this server, enable all outbound ports to it and use passive mode for data transfer.
Yes, i trust this ftp server. I just don´t know how to do what you said. About the passive mode, i don´t think it can be done. The client software has the ftp routine inside it, i can´t just change it. :(
And no, i´m not an ftp expert. I´m not even a pfsense expert, i´m just trying to be. -
Take a look át. Google to see how FTP works.
FTP Can send files in active or passive mode.
Know how protocol works is the first step before creating rules to permit or deny it.
-
Even I am facing the similar issue.
I have a dual WAN setup with failover configuration. There is an application that uses Windows 2k3 FTP.exe to connect to a remote server and download some patches. Microsoft in its all wisdom has done away with PASV mode on FTP.exe and client can not connect to the server in active mode.
Passive mode works just fine with filezilla on the same FTP server.
I tried running ftp-proxy, but there were no anchors for ftp-proxy, so it couldn't create any firewall rules dynamically.
How do I make the client working in active mode itself and how do I debug if kernel ftp helper is working?
-
I had to turn off my pfSense box and reactivate a hardware-based router with load balance to avoid problems with this client, but this caused me another problems. >:(
In another box with just one WAN ftp works fine, without modifications. By these days i'll turn it on again, but Google, forums, etc still didn't gave me any idea nor even a light… :-
Very good product, but i'm becoming very frustrated with that.
Sorry if i was melancholic, but... -
You can also buy few hours of paid support.
I'm sure it will work. -
I wonder if you're seeing the same issue that I am? (reported here: http://forum.pfsense.org/index.php/topic,42980.msg222115.html)
My workaround was to force outgoing FTP traffic across the default gateway.
