Netgate Discussion Forum
    Problem running ftp server on 2 hosts behind firewall

      pingulino

      I'm running pfsense-2.0.1/i386 (nanobsd)
      I have one public ip and several servers on private ip behind the firewall - all ubuntu 12.04.
      First ftp-server:
      Server with ip 172.16.21.4 runs pure-ftpd, the only thing I did here was to add a NAT in pfsense port 21 WAN -> port 21 on 172.16.21.4
      This works fine.

      Second ftp-server:
      Server with ip 172.16.21.102 runs pure-ftpd. This is the one that doesn't work.
      I can connect & login, but can't do anything.
      The errors:
      In passive mode I get
      ```
      230 OK. Current directory is /
      Remote system type is UNIX.
      Using binary mode to transfer files.
      ftp> ls
      500 I won't open a connection to 192.168.0.102 (only to <clients public ip>)
      ftp: bind: Address already in use
      ```

      In active mode I get
      ```
      ftp> ls
      227 Entering Passive Mode (80,80,80,80,60,234)
      ftp: connect: Connection timed out
      ```
      (192.168.0.2 is my client, servers public ip is 80.80.80.80)
      I have tried connecting from 3 different locations, same every time. However, there is no problem connecting to other ftp servers. I have tried using ftp & pftp in cli and filezilla.
      
      I have read lots and lots - seems I'm not alone with the problem.
      I have tried passive mode and active mode.
      I have NAT:ed port range 40000-41000 in pfsense to this ftp-server, also of course configured pure-ftpd to use those ports.
      
      The strange thing is ftp server says it won't open connection to _my clients_ private ip?
      This does not happen connecting to first ftp-server or to any other ftpserver I've tried so it still has to be something on the server side?
      ---
      Adding:
      ftp to the second ftp-server from within LAN works fine (vpn-tunnel in).
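
Added example, not part of the original post: a small Python decoder for the `h1,h2,h3,h4,p1,p2` endpoint carried in the 227 reply and in PORT commands, with checks against a NAT port-forward range and the control-connection peer. The function names, the PORT port bytes and the client address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 writes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
ENDPOINT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

PASV_REPLY = "227 Entering Passive Mode (80,80,80,80,60,234)"  # from the post
PORT_CMD = "PORT 192,168,0,102,200,10"  # constructed; port bytes are made up


def decode_endpoint(line):
    """Return (IPv4Address, port) from a 227 reply or a PORT command."""
    m = ENDPOINT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte value above 255 in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(line, public_ip, forwarded):
    """Reasons a client outside the NAT cannot reach the advertised endpoint."""
    ip, port = decode_endpoint(line)
    problems = []
    if ip != ipaddress.IPv4Address(public_ip):
        problems.append("advertised address %s is not the public address %s" % (ip, public_ip))
    lo, hi = forwarded
    if not lo <= port <= hi:
        problems.append("port %d is outside forwarded range %d-%d" % (port, lo, hi))
    return problems


def check_port(line, control_peer):
    """Reasons a server would refuse PORT: address differs from the control peer."""
    ip, port = decode_endpoint(line)
    if ip != ipaddress.IPv4Address(control_peer):
        return ["PORT names %s:%d but control connection comes from %s" % (ip, port, control_peer)]
    return []


if __name__ == "__main__":
    print(check_pasv(PASV_REPLY, "80.80.80.80", (40000, 41000)))
    print(check_port(PORT_CMD, "203.0.113.7"))  # constructed client public address
```

For the 227 reply quoted in the post, the last two bytes (60,234) decode to port 15594, which lies outside the 40000-41000 range the poster forwarded.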
        doktornotor Banned

        You seriously should upgrade before wasting more time with any debugging. Tons of bugfixes related to pfftpproxy there.

          pingulino

          Thanks for your effort.

          However, I can't upgrade. It's an appliance with too little disk-space.
          (Also, 2.0.1 -> 2.0.3 does not really sound like a huge step - if it is it's incorrectly numbered. 2.1 is still RC.)

          Anyway, I need this to work with the version I have - or are you saying that 2.0.1 is so buggy it won't function correctly?? That's scary!

            doktornotor Banned

            @pingulino:

            or are you saying that 2.0.1 is so buggy it won't function correctly??

            That's not what I've said. What I've said is that there have been relevant bugfixes since 2.0.1 (and a whole lot more of those in 2.1)

            @pingulino:

            That's scary!

            Running a deprecated version with known security issues sounds even more scary. You won't see any fixes there either.

            You can play with the -N switch for pureftpd, diff the configs etc. Other than that, no idea.

            P.S. Trying active FTP to a server behind NAT is a completely futile effort.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.