Netgate Discussion Forum

FTP server behind pfSense

    jjonsson
    last edited by Aug 27, 2013, 7:08 AM

    Hi!

    I have followed this http://forum.pfsense.org/index.php/topic,15811.0.html in hope that I could get access from the outside to my FTP server behind my pfSense.

    I'm not able to use option 2 since I only have 1 public IP-address and that's the one on the WAN interface of the pfSense.
    I can't get option 1 to work...

    I found out that I don't have to do anything about the "Proxy Helper Application" http://forum.pfsense.org/index.php?topic=48869.0

    Any idea what is wrong? I'm using Pure-FTP server on Debian 3.2.46-1 x86_64 and this is my port forward setup:

      doktornotor Banned
      last edited by Aug 27, 2013, 7:26 AM

      And the problem is? What's not working?

        jjonsson
        last edited by Aug 27, 2013, 8:17 AM

        @doktornotor:

        And the problem is? What's not working?

        I can't access my FTP server from the outside...

        I get a timeout in my FTP client (FileZilla)...

          doktornotor Banned
          last edited by Aug 27, 2013, 12:12 PM

          Timeout on what? Connection? You are forwarding the port 21 to wrong host obviously. This works just perfectly fine.

            kejianshi
            last edited by Aug 27, 2013, 12:34 PM Aug 27, 2013, 12:28 PM

            I see that you are attempting to forward to an alias. Since that port should only be NATed to a single host behind the firewall, I'd suggest you replace that WWW02 name with the IP of the machine you are forwarding to. Also, make sure that when you do that the associated firewall rule is generated. It should happen automagically, but it seems there has been a rash of people making their life hard by disabling that check box when making a NAT rule. If you put a block rule further up the top of the list that blocks FTP before your allow rule, it will use the one higher on the list. Make sure you have not messed yourself up that way.

            And, if I find out later after 60 posts that you are running SNORT and that's blocking things, I'm going to scream... ;)

              jjonsson
              last edited by Aug 27, 2013, 2:32 PM

              @doktornotor:

              Timeout on what? Connection? You are forwarding the port 21 to wrong host obviously. This works just perfectly fine.

              How can I forward to the wrong host? I get a reply from outside from my only FTP server behind the pfSense.

              Status: Connecting t0 XX.XX.XX.251:21…
              Status: Connection established, waiting for welcome message...
              Respons: 220---------- Welcome to Pure-FTPd [privsep] [TLS] –--------
              Respons: 220-You are user number 1 of 25 allowed.
              Respons: 220-Local time is now 16:28. Server port: 21.
              Respons: 220-This is a private system - No anonymous login
              Respons: 220-IPv6 connections are also welcome on this server.
              Respons: 220 You will be disconnected after 15 minutes of inactivity.
              Command: USER root
              Respons: 331 User root OK. Password required
              Command: PASS ********
              Error: Connection lost on timeout
              Error: Could not connect to server

              If I connect internally I do not have problems connecting...

              It could be nice to find out if this is a pfSense problem or a Pure-FTP server problem...

              Any help is appreciated :-)

                kejianshi
                last edited by Aug 27, 2013, 2:35 PM

                All this works fine if your FTP client computer is inside the LAN?
                It's only broken if you are outside the LAN?

                  jjonsson
                  last edited by Aug 27, 2013, 7:35 PM

                  Hi guyz,

                  Case solved!

                  I had to disable "Block private Networks" on the interface that the FTP server is on. Now it's working.

                    kejianshi
                    last edited by Aug 27, 2013, 7:48 PM

                    Oh - Yeah.

                    That for sure qualifies as a firewall rule that will block FTP that comes before an allow rule…

                    Why was that rule ever on anything other than a WAN?  Anyway...

                    Glad it's working.

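The rule-ordering point made in the replies above, as an added example that is not part of any post in this thread: a simplified first-match model of one interface's rule list, showing an interface-level "Block private networks" entry deciding before a later pass rule for port 21. The rule labels, the sample addresses and the reduction of that option to the RFC 1918 ranges are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Simplified stand-in for the "Block private networks" option: RFC 1918 sources only.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

@dataclass
class Rule:
    action: str               # "pass" or "block"
    sources: List             # source networks; any one may match
    dst_port: Optional[int]   # None means any destination port
    label: str

def matches(rule, src, port):
    return any(src in net for net in rule.sources) and rule.dst_port in (None, port)

def build_rules(block_private):
    """Constructed rule list for one interface (labels are hypothetical)."""
    rules = []
    if block_private:
        rules.append(Rule("block", RFC1918, None, "Block private networks"))
    rules.append(Rule("pass", ANY, 21, "NAT: FTP control to server"))
    return rules

def evaluate(rules, src_ip, port):
    """First matching rule decides; nothing matching means default deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if matches(rule, src, port):
            return rule.action, rule.label
    return "block", "default deny"

def shadowed(rules, src_ip, port):
    """Labels of later rules that match too but never get to decide."""
    src = ipaddress.ip_address(src_ip)
    hits = [r for r in rules if matches(r, src, port)]
    return [r.label for r in hits[1:] if r.action != hits[0].action]

if __name__ == "__main__":
    for block_private in (True, False):
        rules = build_rules(block_private)
        for src in ("192.168.1.50", "203.0.113.10"):   # constructed sample sources
            print(block_private, src, evaluate(rules, src, 21), shadowed(rules, src, 21))
```

Running `shadowed` over a rule list for the source address that times out names the allow rule that an earlier block is hiding, which is the check suggested in the replies.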