NAT/FTP Issues
-
Hello All,
Recently I have been trying to get access to an FTP server on the inside of my pfsense box across the internet. Have set up port forwarding on the routers and have been able to access/use the FTP server when it is placed outside of the pfsense box, but when it is on the inside it can connect but is unable to retrieve the directory list.
Have tested this with a simple configuration on a fresh install of pfsense with only NAT to the ftp server and no other changes outside of the default settings and it worked fine.
Can anyone give any suggestions on what might be causing my issues. Thanks in advance.
-
Can anyone give any suggestions on what might be causing my issues.
Not without a lot more detail. NAT screen? WAN rules screen? How is your FTP server configured? Active/passive? Are you forwarding your passive port range?
-
I have attached screenshots of the NAT page, NAT rule and the firewall rules for that WAN interface.
The FTP server is set up as passive and the passive port range is being forwarded through the pfsense box.
 -
Hmm, it looks good from here. Where are you testing from? Are you testing from LAN? I notice you have NAT Reflection enabled which leads me to believe you're testing internally. This will only lead to headaches.
-
Testing from outside of the LAN using a laptop with internet connection and Filezila FTP Client.
-
Anything of note in either a) your System log or b) your FTP server log?
-
The FTP Log i get from the client shows:
Response: 331 Please specify the password.
Command: PASS ********
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 "/home/pi"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (92,27,78,166,224,132)
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listingI cannot see anything obviously wrong on the System logs, but I might not be looking in the right place. Any suggestions where to look specifically?
-
Sorry, brainfart. I meant your firewall log. Look for any traffic being blocked to or from your FTP server.
-
Cant see anything in the firewall log that jumps out at me either.
-
I had just upgraded from 2.1.5 to 2.2.2 this past Friday. I just now tested my FTP site (we don't rely on it much at all so I didn't check it when doing my post-upgrade sanity check). My FTP site no longer works. FTP client (WinSCP) says that the transfer channel can't be opened. Looks like I'm in the same boat as you now for having upgraded.
-
I have gone back to basics on this and installed a fresh copy of pfsense with all the default settings and none of the extra rules to see if I can find where the problem might be.
I installed a version 2.1.5 then upgraded to 2.2.2, set up the NAT rule the same as seen in my previous post pointing at the same FTP server and it worked perfectly. I then added the second WAN interface to the pfsense box and again it worked fine but when I added the third I got the same problem described previously with the directory listings not being returned.
anyone have any ideas?
-
The fix for me was that I was using translating the passive port range to a range that overlapped the FTP control and data ports (stupid). Once I fixed that it worked again.
-
Slight update on my end, made a mistake when checking the version it seems it didn't work on 2.2.2 for me. Rolled back to 2.1.5 and it is working fine for me now on both configuration.
