NAT/FTP Issues
-
Hmm, it looks good from here. Where are you testing from? Are you testing from LAN? I notice you have NAT Reflection enabled which leads me to believe you're testing internally. This will only lead to headaches.
-
Testing from outside of the LAN using a laptop with internet connection and Filezila FTP Client.
-
Anything of note in either a) your System log or b) your FTP server log?
-
The FTP Log i get from the client shows:
Response: 331 Please specify the password.
Command: PASS ********
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 "/home/pi"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (92,27,78,166,224,132)
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listingI cannot see anything obviously wrong on the System logs, but I might not be looking in the right place. Any suggestions where to look specifically?
-
Sorry, brainfart. I meant your firewall log. Look for any traffic being blocked to or from your FTP server.
-
Cant see anything in the firewall log that jumps out at me either.
-
I had just upgraded from 2.1.5 to 2.2.2 this past Friday. I just now tested my FTP site (we don't rely on it much at all so I didn't check it when doing my post-upgrade sanity check). My FTP site no longer works. FTP client (WinSCP) says that the transfer channel can't be opened. Looks like I'm in the same boat as you now for having upgraded.
-
I have gone back to basics on this and installed a fresh copy of pfsense with all the default settings and none of the extra rules to see if I can find where the problem might be.
I installed a version 2.1.5 then upgraded to 2.2.2, set up the NAT rule the same as seen in my previous post pointing at the same FTP server and it worked perfectly. I then added the second WAN interface to the pfsense box and again it worked fine but when I added the third I got the same problem described previously with the directory listings not being returned.
anyone have any ideas?
-
The fix for me was that I was using translating the passive port range to a range that overlapped the FTP control and data ports (stupid). Once I fixed that it worked again.
-
Slight update on my end, made a mistake when checking the version it seems it didn't work on 2.2.2 for me. Rolled back to 2.1.5 and it is working fine for me now on both configuration.
