Can't connect to FTP server

Biffe · May 6, 2013, 7:56 AM

We installed PF Sense, and everything is working great. But I got a problem with one of the users that can't connect to a ftp server. I hope that you guys know what I have to check/uncheck, im not that skilled with firewalls, so bear with me if I missed out any needed information.

Best regards

Kenneth

wallabybob · May 6, 2013, 8:44 AM

@Biffe:

But I got a problem with one of the users that can't connect to a ftp server.

I presume its a user on the LAN side of pfSense attempting to connect to a FTP server on the Internet. Normally FTP client will connect to FTP server and give the server a port number so the server can connect back to the client. One connection is used for control, the other for data transfer. The connection from server back to the client is normally blocked by a firewall. The user should give the appropriate ftp command to set the server into passive mode so that the client opens both connections rather than the server opening one.

Biffe · May 6, 2013, 9:53 AM

Thank you for the input on the issue, If I get the IP + port number from her, can you guide me trough how to setup pfsense.

Thanks

Kenneth

wallabybob · May 6, 2013, 10:26 AM

@Biffe:

Thank you for the input on the issue, If I get the IP + port number from her, can you guide me trough how to setup pfsense.

No.
1. You haven't given me configuration information: ftp from which pfSense interface TO which pfSense interface.
2. As previously mentioned, in certain configurations no firewall tweaking is required.
3. The port assigned by the ftp client for the ftp server to connect commonly varies for every invocation of the ftp client.
4. There is no proper diagnosis of the original problem, only my speculation.

Biffe · May 6, 2013, 11:02 AM

1. You haven't given me configuration information: ftp from which pfSense interface TO which pfSense interface.
Local machine on our Lan needs to connect to an outside FTP server (wan)

2. As previously mentioned, in certain configurations no firewall tweaking is required.
We can't change anything on the FTP server, so i think we need a bit of tweaking since its being refused as it is.

3. The port assigned by the ftp client for the ftp server to connect commonly varies for every invocation of the ftp client.
Ill try to find out the ftp details, she just mailed me that it wasnt working anymore after the new firewall was installed.

4. There is no proper diagnosis of the original problem, only my speculation.
Correct speculations.

Kenneth

wallabybob · May 6, 2013, 12:57 PM

@Biffe:

We can't change anything on the FTP server, so i think we need a bit of tweaking since its being refused as it is.

Check the documentation for the ftp client being used. ftp client on my Ubuntu netbook will enter passive mode if the client is invoked with the "-p" command line option, for example:```
ftp -p 192.168.1.1

Biffe · May 6, 2013, 2:07 PM

Problem solved.

Our ISP changed our IP number a few weeks back during the firewall setup, and the FTP she connects to filter off any non verifyed IPs, and since they didnt have our new IP it was just rejected. Sorry to have taken your time with this.

Kenneth