[Solved] MS Telnet script FTP
-
Hi,
We update our pf 2.2.x to 2.3.x, all look fine exept that on 1 of our pc we have a script connect and getback some file from a ftp svr that dont work anymore (dont get anyfile, timeout…). I deactivate snort and even open port for telnet to this pc. Still cannot get it work... :(
I dont want to rollback to pf 2.2.x but it worked better with it :'(PS : sorry We update our pf 2.1.5 to 2.3.x !! :P
-
what does telnet have to do with ftp?
Is your client behind pfsense using active or passive ftp? I thought the ftp helper/proxy was removed in 2.2 so not sure how it was working with 2.2 and not 2.3
If your client behind pfsense and using active you could get the ftp helper package from the package manager. If passive you should have no problems since the ftp server would tell you which IP and port to use for the data connection. So unless you blocking outbound traffic there should be no problems from this client connecting.
If your using active, then yeah your going to need the helper because pfsense need to forward the connection using source port 20 to your machine behind pfsense for the data connection.
If your not getting any connection back from even the control port - are you blocking outbound connections? Maybe the site is just down? Are you using pfblocker?
-
Sorry for late reply.
We are not able to wait very long. Rollback to 2.1.5 and restore from backup. Now it works like before.what does telnet have to do with ftp?
When u use script for connect to an ftp, looks like it use more than port 21. (We test with a real ftp client and its ok.)…
If your using active, then yeah your going to need the helper because pfsense need to forward the connection using source port 20…
In v. 2.1.5 I didnt set something special for that :-\
Logically if on v 2.1.5 it works (for this case that is very simple case..), after upgrade (clean install) to 2.3, after restore (xml config file), it should be working like before no ?… :-\ (Because exept this problem, all looks fine...).
PS : Have to investigate later. I use personnaly 2.3 at home and same symptom for this problem.
-
2.1.5 has the helper.. So yeah the helper allows for ftp changes IP, opens the ports for passive. You said in your first post you went from 2.2, which doesn't have the helper.
No using a script via telnet does not use any extra ports..
I suggest you understand how ftp works be it active or passive. Then since in 2.2 and above there is NO ftp helper you have to forward the ports for passive..
http://slacksite.com/other/ftp.html
-
2.1.5 has the helper.. So yeah the helper allows for ftp changes IP, opens the ports for passive."
"Helper"….?
You said in your first post you went from 2.2, which doesn't have the helper.
Opps sorry, We update our pf 2.1.5 to 2.3.x ! But as…
2.1.5 has the helper
The result would be the same…
No using a script via telnet does not use any extra ports..
Ok…
I suggest you understand how ftp works be it active or passive. Then since in 2.2 and above there is NO ftp helper you have to forward the ports for passive..
http://slacksite.com/other/ftp.htmlThanks a lot for your advices. I will sure have a look on it.
-
yes the boards are full of problems when they took the ftp helper out of pfsense. The helper use to change the IP to the public IP when a ftp server behind ftp sent its private address. It also use to allow the passive ports back into the server, it also use to all the traffic if the client was behind pfsense and using an active connection where it had to tell the server the IP to connect to and port to use.
Starting with 2.2 this was removed. For clients behind pfsense using active, there is a package that does the requirements on the firewall to all the connections. But for a ftp server behind pfsense with clients coming in from the internet you have to do the stuff by hand now. You have to make sure the server gives out your actual public IP, and you have to setup the port forwards for the passive ports the server will tell the client to connect too.
The board was flooded with questions about this for quite some time.
Here is link to the doc that goes over it
https://doc.pfsense.org/index.php/FTP_without_a_Proxy -
Hey,
Do u think this can help for v. 2.3.x?
FTP Client Proxy Package
-
Yes it helps for client behind pfsense trying to talk to ftp servers out on the public internet. Doesn't help with servers behind pfsense with clients from public.
Did you bother to even look at the link I sent that explains exactly how ftp works.. If you do not understand how ftp works then you have NO BUSINESS running a freaking ftp server.. I have given you the info you need to make it work.. There are like 10+ threads that I can recall where this same freaking question comes up over and over and over again.
-
Sorry man, no offense.
Did you bother to even look at the link I sent that explains exactly how ftp works..
Yep!… Try my best ! :)
Thx again. -
FTP Client Proxy Package
My problem solved with this package. :-* :-*
-
Well yeah if your using a windows machine and ftp from cmd prompt its limited to active connection to server on the public internet. Which is exactly what that package helps..