Netgate Discussion Forum

    FTP access times out, but pfSense has port 21 forwarded?

    General pfSense Questions
    13 Posts 3 Posters 1.7k Views
      doktornotor Banned

      Erm… you need to get SSH/SFTP running on the machine which serves files. And stop hiding the RFC1918 IPs, it just prevents useful advice and is 300000% useless regarding any hackers. WTH is 192.168.1.xxx? Sounds like pfSense box itself from the output you see.

      P.S. Note: Any testing MUST be done from WAN. Not from LAN.

        johnpoz LAYER 8 Global Moderator

        ^ exactly as always spot on advice.. I have nothing else to add, other than please post screen shots of your rules going forward..  See at bottom is forward to 22, it is so much easier to see what is going on - maybe other rules that may cause problems, etc. etc..

        there is no reason to hide 192.168.x.x, or 10.x.x.x or 172.16-31.x.x address space..  These are private ranges that everyone on the planet is using, it in no way whatsoever compromises your security letting someone know that you forward 22 to a machine on your network with address 192.168.9.7 for example in my case.

        Here is what it does do when you hide it, makes it so we really have no freaking clue to what you're doing or attempting to do.. And clearly points out that your basic understanding is nil, because only users with no understanding of private or public ip addresses would hide private addresses.

        nat-firewall.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          eiger3970

          Ok, point taken, thank you.

          So, I think access is now working via the pfSense router.

          I think the problem is my misunderstanding of FTP and SFTP.
          FTP I believe accesses virtual hosts, such as:
          Remote machine > OS > server software > website1 (domain1.com) > user1.
          Remote machine > OS > server software > website1 (domain1.com) > user2.
          Remote machine > OS > server software > website2 (domain2.com) > user1.
          Remote machine > OS > server software > website2 (domain2.com) > user2.
          FTP access still doesn't work.
          Error: Server refused FTP over TLS, as per https://ftptest.net/.

          The server is running FTP.

          However, SFTP I believe cannot access virtual hosts and can only access:
          Remote machine > OS > server software IP address 192.168.1.165.
          This would then show:
          /root/home/domain1.com/public_html
          /root/home/domain2.com/public_html

          So, I believe I have to jail the directories, so a user can only see domain1.com/public_html and not see domain2.com.

          SFTP access still doesn't work.
          Error: ssh: Could not resolve hostname ftp.domain1.com: Name or service not known
          Couldn't read packet: Connection reset by peer

          The server is running SSH.

          Shell output in remote machine /usr/log/secure (trying to access the remote server):
          192.168.1.110 is the local machine trying to access the remote machine.
          192.168.1.165 is the remote machine.
          192.168.1.190 is the pfSense router.

          Sep 20 08:30:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 08:30:01 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 08:30:02 centos sshd[21621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:30:04 centos sshd[21621]: Failed password for root from 80.157.192.81 port 55559 ssh2
          Sep 20 08:30:04 centos sshd[21622]: Received disconnect from 80.157.192.81: 11: Bye Bye
          Sep 20 08:30:07 centos sshd[21645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:30:09 centos sshd[21645]: Failed password for root from 80.157.192.81 port 57631 ssh2
          Sep 20 08:30:09 centos sshd[21646]: Received disconnect from 80.157.192.81: 11: Bye Bye
          Sep 20 08:30:12 centos sshd[21649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:30:14 centos sshd[21649]: Failed password for root from 80.157.192.81 port 60103 ssh2
          Sep 20 08:30:14 centos sshd[21650]: Received disconnect from 80.157.192.81: 11: Bye Bye
          Sep 20 08:30:17 centos sshd[21651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:30:19 centos sshd[21651]: Failed password for root from 80.157.192.81 port 34305 ssh2
          Sep 20 08:35:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 08:35:01 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 08:40:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 08:40:01 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 08:40:13 centos sshd[21997]: Accepted publickey for root from 192.168.1.110 port 38661 ssh2
          Sep 20 08:40:13 centos sshd[21997]: pam_unix(sshd:session): session opened for user root by (uid=0)
          Sep 20 08:45:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 08:45:01 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 08:50:02 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 08:50:02 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 08:50:51 centos sshd[22337]: Invalid user xiuzuan from 114.112.54.22
          Sep 20 08:50:51 centos sshd[22338]: input_userauth_request: invalid user xiuzuan
          Sep 20 08:50:51 centos sshd[22337]: pam_unix(sshd:auth): check pass; user unknown
          Sep 20 08:50:51 centos sshd[22337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:50:51 centos sshd[22337]: pam_succeed_if(sshd:auth): error retrieving information about user xiuzuan
          Sep 20 08:50:53 centos sshd[22337]: Failed password for invalid user xiuzuan from 114.112.54.22 port 35542 ssh2
          Sep 20 08:50:54 centos sshd[22338]: Received disconnect from 114.112.54.22: 11: Bye Bye
          Sep 20 08:50:57 centos sshd[22339]: Invalid user plesk from 114.112.54.22
          Sep 20 08:50:57 centos sshd[22340]: input_userauth_request: invalid user plesk
          Sep 20 08:50:57 centos sshd[22339]: pam_unix(sshd:auth): check pass; user unknown
          Sep 20 08:50:57 centos sshd[22339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:50:57 centos sshd[22339]: pam_succeed_if(sshd:auth): error retrieving information about user plesk
          Sep 20 08:50:59 centos sshd[22339]: Failed password for invalid user plesk from 114.112.54.22 port 38446 ssh2
          Sep 20 08:50:59 centos sshd[22340]: Received disconnect from 114.112.54.22: 11: Bye Bye
          Sep 20 08:51:02 centos sshd[22341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:51:04 centos sshd[22341]: Failed password for root from 114.112.54.22 port 41704 ssh2
          Sep 20 08:51:04 centos sshd[22342]: Received disconnect from 114.112.54.22: 11: Bye Bye
          Sep 20 08:51:06 centos sshd[22343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:51:08 centos sshd[22343]: Failed password for root from 114.112.54.22 port 45053 ssh2
          Sep 20 08:51:08 centos sshd[22344]: Received disconnect from 114.112.54.22: 11: Bye Bye
          Sep 20 08:51:11 centos sshd[22345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:51:12 centos sshd[22345]: Failed password for root from 114.112.54.22 port 47688 ssh2
          Sep 20 08:51:13 centos sshd[22346]: Received disconnect from 114.112.54.22: 11: Bye Bye
          Sep 20 08:51:15 centos sshd[22347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:51:16 centos sshd[22347]: Failed password for root from 114.112.54.22 port 50373 ssh2
          Sep 20 08:51:16 centos sshd[22348]: Received disconnect from 114.112.54.22: 11: Bye Bye
          Sep 20 08:51:21 centos sshd[22349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:51:24 centos sshd[22349]: Failed password for root from 114.112.54.22 port 52796 ssh2
          Sep 20 08:51:24 centos sshd[22350]: Received disconnect from 114.112.54.22: 11: Bye Bye
          Sep 20 08:51:26 centos sshd[22351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 08:51:28 centos sshd[22351]: Failed password for root from 114.112.54.22 port 57659 ssh2
          Sep 20 08:51:37 centos sshd[21997]: Received disconnect from 192.168.1.110: 11: disconnected by user
          Sep 20 08:51:37 centos sshd[21997]: pam_unix(sshd:session): session closed for user root
          Sep 20 08:51:50 centos sshd[22419]: Accepted publickey for root from 192.168.1.110 port 38811 ssh2
          Sep 20 08:51:50 centos sshd[22419]: pam_unix(sshd:session): session opened for user root by (uid=0)
          Sep 20 08:55:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 08:55:01 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 09:00:02 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 09:00:02 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 09:00:22 centos sshd[22711]: Invalid user admin from 192.168.1.190
          Sep 20 09:00:22 centos sshd[22712]: input_userauth_request: invalid user admin
          Sep 20 09:00:49 centos sshd[22711]: pam_unix(sshd:auth): check pass; user unknown
          Sep 20 09:00:49 centos sshd[22711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 09:00:49 centos sshd[22711]: pam_succeed_if(sshd:auth): error retrieving information about user admin
          Sep 20 09:00:51 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
          Sep 20 09:00:54 centos sshd[22711]: pam_unix(sshd:auth): check pass; user unknown
          Sep 20 09:00:54 centos sshd[22711]: pam_succeed_if(sshd:auth): error retrieving information about user admin
          Sep 20 09:00:56 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
          Sep 20 09:00:58 centos sshd[22711]: pam_unix(sshd:auth): check pass; user unknown
          Sep 20 09:00:58 centos sshd[22711]: pam_succeed_if(sshd:auth): error retrieving information about user admin
          Sep 20 09:01:00 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
          Sep 20 09:01:00 centos sshd[22712]: Connection closed by 192.168.1.190
          Sep 20 09:01:00 centos sshd[22711]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1$
          Sep 20 09:01:11 centos sshd[22805]: Invalid user admin from 192.168.1.190
          Sep 20 09:01:11 centos sshd[22806]: input_userauth_request: invalid user admin
          Sep 20 09:01:34 centos sshd[22805]: pam_unix(sshd:auth): check pass; user unknown
          Sep 20 09:01:34 centos sshd[22805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=$
          Sep 20 09:01:34 centos sshd[22805]: pam_succeed_if(sshd:auth): error retrieving information about user admin
          Sep 20 09:01:35 centos sshd[22805]: Failed password for invalid user admin from 192.168.1.190 port 25081 ssh2
          Sep 20 09:01:36 centos sshd[22805]: Failed password for invalid user admin from 192.168.1.190 port 25081 ssh2
          Sep 20 09:01:37 centos sshd[22805]: Failed password for invalid user admin from 192.168.1.190 port 25081 ssh2
          Sep 20 09:01:37 centos sshd[22806]: Connection closed by 192.168.1.190
          Sep 20 09:05:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 09:05:01 centos su: pam_unix(su:session): session closed for user postgres
          Sep 20 09:10:02 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
          Sep 20 09:10:02 centos su: pam_unix(su:session): session closed for user postgres
          
          
            doktornotor Banned

            Dude, don't get me wrong but which part of Any testing MUST be done from WAN. Not from LAN is hard to get? What are you "testing" from 192.168.1.190?  >:(

            Apparently random bots out there have about zero issues with connecting to your port-forwarded SSH:

            
            Sep 20 08:30:04 centos sshd[21621]: Failed password for root from 80.157.192.81 port 55559 ssh2
            Sep 20 08:30:09 centos sshd[21645]: Failed password for root from 80.157.192.81 port 57631 ssh2
            Sep 20 08:30:14 centos sshd[21649]: Failed password for root from 80.157.192.81 port 60103 ssh2
            Sep 20 08:30:19 centos sshd[21651]: Failed password for root from 80.157.192.81 port 34305 ssh2
            Sep 20 08:50:51 centos sshd[22337]: Invalid user xiuzuan from 114.112.54.22
            Sep 20 08:50:53 centos sshd[22337]: Failed password for invalid user xiuzuan from 114.112.54.22 port 35542 ssh2
            Sep 20 08:50:57 centos sshd[22339]: Invalid user plesk from 114.112.54.22
            Sep 20 08:50:57 centos sshd[22340]: input_userauth_request: invalid user plesk
            Sep 20 08:51:04 centos sshd[22341]: Failed password for root from 114.112.54.22 port 41704 ssh2
            Sep 20 08:51:08 centos sshd[22343]: Failed password for root from 114.112.54.22 port 45053 ssh2
            Sep 20 08:51:12 centos sshd[22345]: Failed password for root from 114.112.54.22 port 47688 ssh2
            Sep 20 08:51:16 centos sshd[22347]: Failed password for root from 114.112.54.22 port 50373 ssh2
            Sep 20 08:51:28 centos sshd[22351]: Failed password for root from 114.112.54.22 port 57659 ssh2
            
            
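The distinction drawn in the replies above (outside sources are already reaching the forwarded SSH port, while the test logins came from LAN addresses) can be checked mechanically. This is an added example, not part of any post in the thread: it splits sshd authentication events by RFC 1918 versus non-private source. The log lines are constructed in the format shown above using documentation-range addresses, and the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# The three RFC 1918 private ranges named in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the /var/log/secure format shown in the thread.
# Non-private sources use RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Sep 20 08:30:04 centos sshd[21621]: Failed password for root from 203.0.113.81 port 55559 ssh2
Sep 20 08:30:09 centos sshd[21645]: Failed password for root from 203.0.113.81 port 57631 ssh2
Sep 20 08:30:14 centos sshd[21649]: Failed password for root from 203.0.113.81 port 60103 ssh2
Sep 20 08:40:13 centos sshd[21997]: Accepted publickey for root from 192.168.1.110 port 38661 ssh2
Sep 20 08:50:53 centos sshd[22337]: Failed password for invalid user xiuzuan from 198.51.100.22 port 35542 ssh2
Sep 20 08:50:59 centos sshd[22339]: Failed password for invalid user plesk from 198.51.100.22 port 38446 ssh2
Sep 20 09:00:51 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
Sep 20 09:00:56 centos sshd[22711]: Failed password for invalid user admin from 192.168.1.190 port 1406 ssh2
Sep 20 09:05:01 centos su: pam_unix(su:session): session opened for user postgres by (uid=0)
"""

# Matches sshd "Failed/Accepted <method> for [invalid user ]<user> from <ip> port <n>".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def is_rfc1918(ip):
    """True if ip lies in 10/8, 172.16/12 or 192.168/16."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def summarize(log_text):
    """Per-source counts of sshd auth results, tagged LAN or WAN."""
    stats = defaultdict(lambda: {"origin": None, "failed": 0, "accepted": 0,
                                 "invalid_users": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # cron/su noise, PAM detail lines, disconnects
        try:
            origin = "LAN" if is_rfc1918(m["ip"]) else "WAN"
        except ValueError:
            continue  # source field was a hostname or truncated
        entry = stats[m["ip"]]
        entry["origin"] = origin
        entry["failed" if m["result"] == "Failed" else "accepted"] += 1
        if m["invalid"]:
            entry["invalid_users"].add(m["user"])
    return dict(stats)


def wan_sources(summary):
    """Non-private sources that reached sshd: evidence the port forward works."""
    return sorted(ip for ip, s in summary.items() if s["origin"] == "WAN")


def brute_force_suspects(summary, threshold=3):
    """WAN sources with at least `threshold` failures and no successful login."""
    return sorted(ip for ip, s in summary.items()
                  if s["origin"] == "WAN" and s["failed"] >= threshold
                  and s["accepted"] == 0)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip in sorted(report):
        print(ip, report[ip])
    print("reached from WAN:", wan_sources(report))
    print("brute-force suspects:", brute_force_suspects(report))
```

Any entry tagged WAN shows the forward is passing traffic to sshd; failures tagged LAN with an invalid user point at the account on the server, not at the firewall.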
              eiger3970

              Oh, sorry, I forgot.
              I tested FTP from outside the WAN and that failed.

              SFTP was tested on the LAN.
              I'm trying to think of a good way to test SFTP from the WAN. I guess using a friend's computer might be the best way, unless there's a handy trick, like the FTP testing service.

                johnpoz LAYER 8 Global Moderator

                how about canyouseeme.org pretty simple way to test if a port is open from the outside..

                But clearly as dok already pointed out
                Sep 20 08:30:09 centos sshd[21645]: Failed password for root from 80.157.192.81 port 57631 ssh2

                That guy just tested from the outside and sure looks to be open..

                  eiger3970

                  OK, I tested SFTP from outside the WAN too, and no connection.

                  The local server's /var/log/secure shows no login attempt.

                  I ran a verbose command on the log in attempts from the remote client, which seems useful, by showing the issue seems to be 2 authentication methods:
                  gssapi-keyex. No valid key exchange.
                  gssapi-with-mic. Unspecified GSS failure. No Kerberos credentials available.

                  user@machine ~ $ ssh -v admin@domain.com
                  OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
                  debug1: Reading configuration data /etc/ssh/ssh_config
                  debug1: /etc/ssh/ssh_config line 19: Applying options for *
                  debug1: Connecting to domain.com [xx.xxx.xxx.xx] port 22.
                  debug1: Connection established.
                  debug1: identity file /home/user/.ssh/id_rsa type -1
                  debug1: identity file /home/user/.ssh/id_rsa-cert type -1
                  debug1: identity file /home/user/.ssh/id_dsa type -1
                  debug1: identity file /home/user/.ssh/id_dsa-cert type -1
                  debug1: identity file /home/user/.ssh/id_ecdsa type -1
                  debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
                  debug1: identity file /home/user/.ssh/id_ed25519 type -1
                  debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
                  debug1: Enabling compatibility mode for protocol 2.0
                  debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
                  debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
                  debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
                  debug1: SSH2_MSG_KEXINIT sent
                  debug1: SSH2_MSG_KEXINIT received
                  debug1: kex: server->client aes128-ctr hmac-md5 none
                  debug1: kex: client->server aes128-ctr hmac-md5 none
                  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
                  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
                  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
                  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
                  debug1: Server host key: RSA 7b:f5:0a:ff:55:33:3b:c3:10:28:6f:b3:9c:53:45:fc
                  debug1: Host 'domain.com' is known and matches the RSA host key.
                  debug1: Found key in /home/user/.ssh/known_hosts:3
                  debug1: ssh_rsa_verify: signature correct
                  debug1: SSH2_MSG_NEWKEYS sent
                  debug1: expecting SSH2_MSG_NEWKEYS
                  debug1: SSH2_MSG_NEWKEYS received
                  debug1: Roaming not allowed by server
                  debug1: SSH2_MSG_SERVICE_REQUEST sent
                  debug1: SSH2_MSG_SERVICE_ACCEPT received
                  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
                  debug1: Next authentication method: gssapi-keyex
                  debug1: No valid Key exchange context
                  debug1: Next authentication method: gssapi-with-mic
                  debug1: Unspecified GSS failure.  Minor code may provide more information
                  No Kerberos credentials available
                  
                  debug1: Unspecified GSS failure.  Minor code may provide more information
                  No Kerberos credentials available
                  
                  debug1: Unspecified GSS failure.  Minor code may provide more information
                  
                  debug1: Unspecified GSS failure.  Minor code may provide more information
                  No Kerberos credentials available
                  
                  debug1: Next authentication method: publickey
                  debug1: Trying private key: /home/user/.ssh/id_rsa
                  debug1: Trying private key: /home/user/.ssh/id_dsa
                  debug1: Trying private key: /home/user/.ssh/id_ecdsa
                  debug1: Trying private key: /home/user/.ssh/id_ed25519
                  debug1: Next authentication method: password
                  admin@domain.com's password: 
                  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
                  Permission denied, please try again.
                  admin@domain.com's password: 
                  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
                  Permission denied, please try again.
                  admin@domain.com's password: 
                  debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
                  debug1: No more authentication methods to try.
                  Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
                  
                  
                    eiger3970

                    ssh root@domain.com, connects
                    ssh admin@domain.com, does not connect.
                    sftp root@domain.com, does not connect.
                    sftp admin@domain.com does not connect.

                    Issue is security is weak on SFTP/SSH as logs into root, to show whole server and websites.

                    FTP is clear text, but only allows access to 1 website.

                    I think I need to sort out my Unix system administration, as the pfSense access seems fixed.

                      doktornotor Banned

                      Not to spoil your party, but… you shouldn't run a server. You are many OSI layers above port forwarding. Your problems with totally basic SSH usage and authentication have nothing to do with pfSense.

                      WTH are you trying to log as non-existent user?

                      
                      Failed password for invalid user admin
                      
                      

                      Move to CentOS forums.

                        johnpoz LAYER 8 Global Moderator

                        "Issue is security is weak on SFTP/SSH as logs into root"

                        What??? Not even sure what to say here - agree with dok, this basic concept has nothing to do with pfsense operation.  Clearly your port forward is working but you don't understand how to use what you forwarded.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.