Debug.pfftpproxy=1 to enable LAN to WAN FTP

traxxus · Jun 11, 2013, 10:29 AM

Some FTP sites are fine (although seemingly slower to list directories than the March 18th build I was running yesterday)

Same here. Superslow FTP browsing while debug.pfftpproxy=0

ncolunga · Jun 11, 2013, 11:09 AM

I have the same problem on 2.0.2, impossible to handle big files through ftp with default debug.pfftpproxy value.

arad85 · Jun 12, 2013, 5:36 PM

So has anyone entered a bug for this or had acknowledgement from any devs (apart from jimp here)? It's a fairly big deal-breaker. I have a fairly simple setup here and see it on some sites.

arad85 · Jun 13, 2013, 12:10 AM

gogol.. why did you delete your reply - I was fortunate enough to catch it and it solved all my problems (including slow to connect issues I've had for 18 months!!)

gogol · Jun 13, 2013, 8:35 AM

@arad85:

gogol.. why did you delete your reply - I was fortunate enough to catch it and it solved all my problems (including slow to connect issues I've had for 18 months!!)

I wasn't sure!
I am still encountering some problems (slow now and then), but it goes better. Disabling it works better for me.
For anyone who wants to try this is what I did:

Under System>Advanced>Firewall/Nat check under TFTP proxy you LAN interface and click Save
Under System>Advanced>System Tunables set debug.pfftp.proxy to "default" value

More on this in this article

swinn · Jun 15, 2013, 6:07 PM

I just noticed I haven't had any connections from a few people on my local FTP server in a while, so I started looking into it. Passive connections were working fine but I haven't had an active connection work since 6/2/13 when I must have done a firmware upgrade (2.1 RC0 x64). I changed debug.pfftpproxy to 1 and applied it and instantly active connections began working again for these people. Something changed with the ftp proxy (I'd say in May) which kept active connections from working. Sorry I don't have much more info at this time.

traxxus · Jun 27, 2013, 8:38 AM

@devs

Any news on this issue?

eri-- · Jun 27, 2013, 8:39 AM

I am workign on solving this.

traxxus · Jun 27, 2013, 4:06 PM

Great, thank you :D

eri-- · Jul 2, 2013, 9:03 AM

Please try with tomorrows snapshots.

traxxus · Jul 3, 2013, 6:21 AM

HI

Flashed 2.1RC0 from 2. Juli.
It is not better , connecting and dir list and filetrasnfer is slow as hell. That means it "hangs" VERY often between the FTP commands.. Without proxy it is superfast.

eri-- · Jul 3, 2013, 6:59 AM

Get ones from today ones :)

athurdent · Jul 4, 2013, 6:20 AM

2.1-RC0 (i386) built on Wed Jul 3 15:44:09 EDT 2013

is still broken. After trying FTP through the ALIX I tested with, it became unresponsive and seems to have crashed completely. Unfortunately it's in our DC on a recently broken KVM Switch, so I have no Console output.

traxxus · Jul 4, 2013, 6:49 AM

Tested it with build from 3. Juli.

FTP transfer hangs / stutter on the commands RETR and MLSD in FileZilla.

gogol · Jul 4, 2013, 6:59 AM

I still have debug.pfftp.proxy=1 in system tunables with July 3 build. Default value does not work for me.

eri-- · Jul 4, 2013, 7:02 AM

Can you please be more specific on what does not work?

gogol · Jul 4, 2013, 7:47 AM

@ermal:

Can you please be more specific on what does not work?

You have got a PM

athurdent · Jul 4, 2013, 9:28 AM

@ermal:

Can you please be more specific on what does not work?

How to reproduce:
Just setup a fresh pfSense install, plug one (Win 7) device behind it and open a freshly installed Firefox. Key in

ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/

and wait for "425 Failed to estabilsh connection".

doktornotor · Jul 4, 2013, 9:49 AM

@athurdent:

How to reproduce:
Just setup a fresh pfSense install, plug one (Win 7) device behind it and open a freshly installed Firefox. Key in
ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/
and wait for "425 Failed to estabilsh connection".

This works perfectly fine with SpeedCommander, Total Commander and FlashFXP (both active and passive mode). Sorry, but FF is braindead FTP "client".

Active:


Connect to: (04.07.2013 11:53:54)
hostname=dd-wrt.com
username=anonymous
startdir=/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/
dd-wrt.com=83.141.4.210
220 Welcome to DD-WRT FTP service.
USER anonymous
331 Please specify the password.
PASS ***********
230 Login successful.
SYST
215 UNIX Type: L8
FEAT
211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
 UTF8
211 End
HELP SITE
214-The following commands are recognized.
 ABOR ACCT ALLO APPE CDUP CWD  DELE EPRT EPSV FEAT HELP LIST MDTM MKD
 MODE NLST NOOP OPTS PASS PASV PORT PWD  QUIT REIN REST RETR RMD  RNFR
 RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD
 XPWD XRMD
214 Help OK.
OPTS UTF8 ON
200 Always in UTF8 mode.
CWD /others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/
250 Directory successfully changed.
Connect ok!
PWD
257 "/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676"
Get directory
TYPE A
200 Switching to ASCII mode.
PORT 10,0,0,1,222,174
200 PORT command successful. Consider using PASV.
LIST
150 Here comes the directory listing.
Download
Waiting for server...
226 Directory send OK.

Passive:


Connect to: (04.07.2013 11:54:32)
hostname=dd-wrt.com
username=anonymous
startdir=/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/
dd-wrt.com=83.141.4.210
220 Welcome to DD-WRT FTP service.
USER anonymous
331 Please specify the password.
PASS ***********
230 Login successful.
SYST
215 UNIX Type: L8
FEAT
211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
 UTF8
211 End
HELP SITE
214-The following commands are recognized.
 ABOR ACCT ALLO APPE CDUP CWD  DELE EPRT EPSV FEAT HELP LIST MDTM MKD
 MODE NLST NOOP OPTS PASS PASV PORT PWD  QUIT REIN REST RETR RMD  RNFR
 RNTO SITE SIZE SMNT STAT STOR STOU STRU SYST TYPE USER XCUP XCWD XMKD
 XPWD XRMD
214 Help OK.
OPTS UTF8 ON
200 Always in UTF8 mode.
CWD /others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676/
250 Directory successfully changed.
Connect ok!
PWD
257 "/others/eko/BrainSlayer-V24-preSP2/2013/05-27-2013-r21676"
Get directory
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (83,141,4,210,241,176)
LIST
150 Here comes the directory listing.
Download
Waiting for server...
226 Directory send OK.

On that note, I must say pf/BSD does pretty impressive job here. Using active FTP from behind NAT has been just plain impossible with Linux/iptables-based firewalls.

athurdent · Jul 4, 2013, 10:11 AM

@doktornotor:

Sorry, but FF is braindead FTP "client".

Sure, but it used to work with Firefox. Plus it works behind all of the other Firewalls/Routers I have tested (Checkpoint, ASA, some D-Link device, DD-WRT, AVM Fritz…)
It's not only Firefox, Chrome does not work either.
I don't really care, but the average surfer/user will. So I posted a way how to reproduce the issue for debugging purposes.