Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP access times out, but pfSense has port 21 forwarded?

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ Offline
      johnpoz LAYER 8 Global Moderator
      last edited by

      well dest * doesn't work.. You need your WAN address there.. pick it from the drop down wan address.

      Pretty scarry letting know some 192.168.1.42 address – what you think someone is going to hack you with that rfc1918?  That we all have on our own local networks and is not routable on the internet???

      So you do understand there is no helper now.. You would need to forward the passive ports your going to use to your server if you want clients to be able to use passive to get to your vs just active.. Since they are prob behind nat is well active ftp could be an issue for them.

      Out of curiosity - why are you using ftp vs sftp.  Which is 1 port and actually secure...

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

      1 Reply Last reply Reply Quote 0
      • E Offline
        eiger3970
        last edited by

        So, I'll try to make SFTP work, rather than FTP. (Although I need to figure out 'jailing' the access to 1 directory as SFTP accesses all directories).

        I don't know, just trying to reduce the chance of hackers by hiding some of the LAN IP.

        I updated pfSense > Firewall > NAT > Port Forward to:
        If: WAN
        Proto: TCP
        Src. addr: *
        Src. ports: *
        Dest. addr: WAN address
        Dest. ports: 22
        NAT IP: 192.168.1.xxx
        NAT Ports: 22 (SSH)

        I tested via Shell$ ssh admin@domain.com
        Password for admin@pfSense.localdomain: (I don't know what this is or what password?)
        Password for admin@pfSense.localdomain: (I don't know what this is or what password?)
        Password for admin@pfSense.localdomain: (I don't know what this is or what password?)
        admin@domain.com's password: (I enter correct password)
        Permission denied, please try again.

        1 Reply Last reply Reply Quote 0
        • D Offline
          doktornotor Banned
          last edited by

          Erm… you need to get SSH/SFTP running on the machine which serves files. And stop hiding the RFC1918 IPs, it just prevents useful advise and 300000% useless regarding any hackers. WTH is 192.168.1.xxx? Sounds like pfSense box itself from the output you see.

          P.S. Note: Any testing MUST be done from WAN. Not from LAN.

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            ^ exactly as always spot on advice.. I have nothing else to add, other than please post screen shots of your rules going forward..  See at bottom is forward to 22, it is so much easier to see what is going on - maybe other rules that may cause problems, etc. etc..

            there is no reason to hide 192.168.x.x, or 10.x.x.x or 172.16-31.x.x address space..  These are private ranges that everyone on the planet it is using, it no way what so ever compromises your security letting someone know that you forward 22 to a machine on your network with address 192.168.9.7 for example in my case.

            Here is what it does do when you hide it, makes it so we really have no freaking clue to what your doing or attempting to do.. And clearly points out that your basic understanding is nil, because only users with no understanding of private or public ip addresses would hide private addresses.

            nat-firewall.png
            nat-firewall.png_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

            1 Reply Last reply Reply Quote 0
            • E Offline
              eiger3970
              last edited by

              Ok, point taken, thank you.

              So, I think access is now working via the pfSense router.

              I think the problem is my misunderstanding of FTP and SFTP.
              FTP I believe accesses virtual hosts, such as:
              Remote machine > OS > server software > website1 (domain1.com) > user1.
              Remote machine > OS > server software > website1 (domain1.com) > user2.
              Remote machine > OS > server software > website2 (domain2.com) > user1.
              Remote machine > OS > server software > website2 (domain2.com) > user2.
              FTP access still doesn't work.
              Error: Server refused FTP over TLS, as per https://ftptest.net/.

              The server is running FTP.

              However, SFTP I believe cannot access virtual hosts and can only access:
              Remote machine > OS > server software IP address 192.168.1.165.
              This would then show:
              /root/home/domain1.com/public_html
              /root/home/domain2.com/public_html

              So, I believe I have to jail the directories, so a user can only see domain1.com/public_html and not see domain2.com.

              SFTP access still doesn't work.
              Error: ssh: Could not resolve hostname ftp.domain1.com: Name or service not known
              Couldn't read packet: Connection reset by peer

              The server is running SSH.

              Shell output in remote machine/usr/log/secure (trying to access the remote server):
              192.168.1.110 is the local machine trying to access the remote machine.
              192.168.1.165 is the remote machine.
              192.168.1.190 is the pfSense router.

              Sep 20 08:30:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 08:30:01 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 08:30:02 centos sshd[21621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:30:04 centos sshd[21621]: Failed password for root from 80.157.192.81 port 55559 ssh2
Sep 20 08:30:04 centos sshd[21622]: Received disconnect from 80.157.192.81: 11: Bye Bye
Sep 20 08:30:07 centos sshd[21645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:30:09 centos sshd[21645]: Failed password for root from 80.157.192.81 port 57631 ssh2
Sep 20 08:30:09 centos sshd[21646]: Received disconnect from 80.157.192.81: 11: Bye Bye
Sep 20 08:30:12 centos sshd[21649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:30:14 centos sshd[21649]: Failed password for root from 80.157.192.81 port 60103 ssh2
Sep 20 08:30:14 centos sshd[21650]: Received disconnect from 80.157.192.81: 11: Bye Bye
Sep 20 08:30:17 centos sshd[21651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:30:19 centos sshd[21651]: Failed password for root from 80.157.192.81 port 34305 ssh2
Sep 20 08:35:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 08:35:01 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 08:40:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 08:40:01 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 08:40:13 centos sshd[21997]: Accepted publickey for root from 192.168.1.110 port 38661 ssh2
Sep 20 08:40:13 centos sshd[21997]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 20 08:45:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 08:45:01 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 08:50:02 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 08:50:02 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 08:50:51 centos sshd[22337]: Invalid user xiuzuan from 114.112.54.22
Sep 20 08:50:51 centos sshd[22338]: input_userauth_request: invalid user xiuzuan
Sep 20 08:50:51 centos sshd[22337]: pam_unix(sshd:auth): check pass; user unknown
Sep 20 08:50:51 centos sshd[22337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:50:51 centos sshd[22337]: pam_succeed_if(sshd:auth): error retrieving information about user xiuzuan
Sep 20 08:50:53 centos sshd[22337]: Failed password for invalid user xiuzuan from 114.112.54.22 port 35542 ssh2
Sep 20 08:50:54 centos sshd[22338]: Received disconnect from 114.112.54.22: 11: Bye Bye
Sep 20 08:50:57 centos sshd[22339]: Invalid user plesk from 114.112.54.22
Sep 20 08:50:57 centos sshd[22340]: input_userauth_request: invalid user plesk
Sep 20 08:50:57 centos sshd[22339]: pam_unix(sshd:auth): check pass; user unknown
Sep 20 08:50:57 centos sshd[22339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:50:57 centos sshd[22339]: pam_succeed_if(sshd:auth): error retrieving information about user plesk
Sep 20 08:50:59 centos sshd[22339]: Failed password for invalid user plesk from 114.112.54.22 port 38446 ssh2
Sep 20 08:50:59 centos sshd[22340]: Received disconnect from 114.112.54.22: 11: Bye Bye
Sep 20 08:51:02 centos sshd[22341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:51:04 centos sshd[22341]: Failed password for root from 114.112.54.22 port 41704 ssh2
Sep 20 08:51:04 centos sshd[22342]: Received disconnect from 114.112.54.22: 11: Bye Bye
Sep 20 08:51:06 centos sshd[22343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:51:08 centos sshd[22343]: Failed password for root from 114.112.54.22 port 45053 ssh2
Sep 20 08:51:08 centos sshd[22344]: Received disconnect from 114.112.54.22: 11: Bye Bye
Sep 20 08:51:11 centos sshd[22345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:51:12 centos sshd[22345]: Failed password for root from 114.112.54.22 port 47688 ssh2
Sep 20 08:51:13 centos sshd[22346]: Received disconnect from 114.112.54.22: 11: Bye Bye
Sep 20 08:51:15 centos sshd[22347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:51:16 centos sshd[22347]: Failed password for root from 114.112.54.22 port 50373 ssh2
Sep 20 08:51:16 centos sshd[22348]: Received disconnect from 114.112.54.22: 11: Bye Bye
Sep 20 08:51:21 centos sshd[22349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:51:24 centos sshd[22349]: Failed password for root from 114.112.54.22 port 52796 ssh2
Sep 20 08:51:24 centos sshd[22350]: Received disconnect from 114.112.54.22: 11: Bye Bye
Sep 20 08:51:26 centos sshd[22351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 08:51:28 centos sshd[22351]: Failed password for root from 114.112.54.22 port 57659 ssh2
Sep 20 08:51:37 centos sshd[21997]: Received disconnect from 192.168.1.110: 11: disconnected by user
Sep 20 08:51:37 centos sshd[21997]: pam_unix(sshd:session): session closed for user root
Sep 20 08:51:50 centos sshd[22419]: Accepted publickey for root from 192.168.1.110 port 38811 ssh2
Sep 20 08:51:50 centos sshd[22419]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 20 08:55:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 08:55:01 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 09:00:02 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 09:00:02 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 09:00:22 centos sshd[22711]: Invalid user admin from 192.168.1.190
Sep 20 09:00:22 centos sshd[22712]: input_userauth_request: invalid user admin
Sep 20 09:00:49 centos sshd[22711]: pam_unix(sshd:auth): check pass; user unknown
Sep 20 09:00:49 centos sshd[22711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 09:00:49 centos sshd[22711]: pam_succeed_if(sshd:auth): error retrieving information about user admin
Sep 20 09:00:51 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
Sep 20 09:00:54 centos sshd[22711]: pam_unix(sshd:auth): check pass; user unknown
Sep 20 09:00:54 centos sshd[22711]: pam_succeed_if(sshd:auth): error retrieving information about user admin
Sep 20 09:00:56 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
Sep 20 09:00:58 centos sshd[22711]: pam_unix(sshd:auth): check pass; user unknown
Sep 20 09:00:58 centos sshd[22711]: pam_succeed_if(sshd:auth): error retrieving information about user admin
Sep 20 09:01:00 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
Sep 20 09:01:00 centos sshd[22712]: Connection closed by 192.168.1.190
Sep 20 09:01:00 centos sshd[22711]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1$
Sep 20 09:01:11 centos sshd[22805]: Invalid user admin from 192.168.1.190
Sep 20 09:01:11 centos sshd[22806]: input_userauth_request: invalid user admin
Sep 20 09:01:34 centos sshd[22805]: pam_unix(sshd:auth): check pass; user unknown
Sep 20 09:01:34 centos sshd[22805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
Sep 20 09:01:34 centos sshd[22805]: pam_succeed_if(sshd:auth): error retrieving information about user admin
Sep 20 09:01:35 centos sshd[22805]: Failed password for invalid user admin from 192.168.1.190 port 25081 ssh2
Sep 20 09:01:36 centos sshd[22805]: Failed password for invalid user admin from 192.168.1.190 port 25081 ssh2
Sep 20 09:01:37 centos sshd[22805]: Failed password for invalid user admin from 192.168.1.190 port 25081 ssh2
Sep 20 09:01:37 centos sshd[22806]: Connection closed by 192.168.1.190
Sep 20 09:05:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 09:05:01 centos su: pam_unix(su:session): session closed for user postgres
Sep 20 09:10:02 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
Sep 20 09:10:02 centos su: pam_unix(su:session): session closed for user postgres
              1 Reply Last reply Reply Quote 0
              • D Offline
                doktornotor Banned
                last edited by

                Dude, don't get me wrong but which part of Any testing MUST be done from WAN. Not from LAN is hard to get? What are you "testing" from 192.168.1.190?  >:(

                Apparently random bots out there have about zero issues with connecting to your port-forwarded SSH:

                
Sep 20 08:30:04 centos sshd[21621]: Failed password for root from 80.157.192.81 port 55559 ssh2
Sep 20 08:30:09 centos sshd[21645]: Failed password for root from 80.157.192.81 port 57631 ssh2
Sep 20 08:30:14 centos sshd[21649]: Failed password for root from 80.157.192.81 port 60103 ssh2
Sep 20 08:30:19 centos sshd[21651]: Failed password for root from 80.157.192.81 port 34305 ssh2
Sep 20 08:50:51 centos sshd[22337]: Invalid user xiuzuan from 114.112.54.22
Sep 20 08:50:53 centos sshd[22337]: Failed password for invalid user xiuzuan from 114.112.54.22 port 35542 ssh2
Sep 20 08:50:57 centos sshd[22339]: Invalid user plesk from 114.112.54.22
Sep 20 08:50:57 centos sshd[22340]: input_userauth_request: invalid user plesk
Sep 20 08:51:04 centos sshd[22341]: Failed password for root from 114.112.54.22 port 41704 ssh2
Sep 20 08:51:08 centos sshd[22343]: Failed password for root from 114.112.54.22 port 45053 ssh2
Sep 20 08:51:12 centos sshd[22345]: Failed password for root from 114.112.54.22 port 47688 ssh2
Sep 20 08:51:16 centos sshd[22347]: Failed password for root from 114.112.54.22 port 50373 ssh2
Sep 20 08:51:28 centos sshd[22351]: Failed password for root from 114.112.54.22 port 57659 ssh2
                1 Reply Last reply Reply Quote 0
                • E Offline
                  eiger3970
                  last edited by

                  Oh, sorry, I forgot.
                  I tested FTP from outside the WAN and that failed.

                  SFTP was tested on the LAN.
                  I'm trying to think of a good way to test SFTP from the WAN. I guess using a friend's computer might be the best way, unless there's a handy trick, like the FTP testing service.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Offline
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    how about canyouseeme.org pretty simple way to test if a port is open from the outside..

                    But clearly as dok already pointed out
                    Sep 20 08:30:09 centos sshd[21645]: Failed password for root from 80.157.192.81 port 57631 ssh2

                    That guy just tested from the outside and sure looks to be open..

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • E Offline
                      eiger3970
                      last edited by

                      OK, I tested Sftp from outside the WAN too, and no connection.

                      The local server's /var/log/secure shows no log in attempt.

                      I ran a verbose command on the log in attempts from the remote client, which seems useful, by showing the issue seems to be 2 authentication methods:
                      gssapi-keyex. No valid key exchange.
                      gssapi-with-mic. Unspecified GSS failure. No Kerberos credentials available.

                      user@machine ~ $ ssh -v admin@domain.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to domain.com [xx.xxx.xxx.xx] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 7b:f5:0a:ff:55:33:3b:c3:10:28:6f:b3:9c:53:45:fc
debug1: Host 'domain.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug1: Next authentication method: password
admin@domain.com's password: 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
admin@domain.com's password: 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
admin@domain.com's password: 
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
                      1 Reply Last reply Reply Quote 0
                      • E Offline
                        eiger3970
                        last edited by

                        ssh root@domain.com, connects
                        ssh admin@domain.com, does not connect.
                        sftp root@domain.com, does not connect.
                        sftp admin@domain.com does not connect.

                        Issue is security is weak on SFTP/SSH as logs into root, to show whole server and websites.

                        FTP is clear text, but only allows access to 1 website.

                        I think I need to sort out my Unix system administration, as the pfSense access seems fixed.

                        1 Reply Last reply Reply Quote 0
                        • D Offline
                          doktornotor Banned
                          last edited by

                          Not to spoil your party, but… you shouldn't run a server. You are many OSI layers above port forwarding. Your problems with totally basic SSH usage and authentication have nothing to do with pfSense.

                          WTH are you trying to log as non-existent user?

                          
Failed password for invalid user admin

                          Move to CentOS forums.

                          1 Reply Last reply Reply Quote 0
                          • johnpozJ Offline
                            johnpoz LAYER 8 Global Moderator
                            last edited by

                            "Issue is security is weak on SFTP/SSH as logs into root"

                            What??? Not even sure what to say here - agree with dok, this basic concept has nothing to do with pfsense operation.  Clearly your port forward is working but you don't understand how to use what your forwarded.

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.