Netgate Discussion Forum

    FTP client Proxy problems

    Cache/Proxy
      rokk

      Hello,

      I am trying to enable the FTP client proxy package, but sadly without success. I am using pfSense 2.3.3.
      We have pretty strict outgoing filtering which is blocking high outgoing ports.

      My config:

      • newest version FTP client proxy package 0.3_2 enabled
      • enabled it only on LAN interface that users are connected to
      • edited Source Address to be the same as the users' outgoing IP (we have multi-WAN with HA config, currently no WAN load balancing though)
      • ticked Early Firewall Rule
      • ticked Log Connections

      When the proxy is enabled, FTP isn't working at all (even if all access is granted to the client IP).
      If I disable the package and set the same firewall rules with the user IP allowed all outgoing ports, things work.

      Things I noticed: no firewall rules are generated by the package?
      FTP proxy is listening on 127.0.0.1 8021 on the firewall, is this correct?

      Any ideas?

      Thanks in advance

        doktornotor Banned

        The rules generated by packages are not visible in the GUI. And yes, it is supposed to listen on localhost.

          rokk

          Any way to debug these rules?

          I am seeing a 127.0.0.1:8021 connection to the destination FTP server on port 21.
          Then another connection to my IP on a random high port, i.e. 35145, however no traffic seems to pass back to me.
          I would assume NAT isn't translating the traffic back to me.

          I did a traffic check on the router and I got these connections:

          WAN tcp WAN_IP:40578 (WAN_Virtual_IP:6304) -> ExternalFTPServer:21      ESTABLISHED:ESTABLISHED
          LAN tcp ExternalFTPServer:61821 (ExternalFTPServer:53869) <- ClientIP:53088      FIN_WAIT_2:ESTABLISHED
          WAN tcp WAN_Virtual_IP:38724 (ClientIP:53088) -> ExternalFTPServer:61821      ESTABLISHED:FIN_WAIT_2
          LAN tcp 127.0.0.1:8021 (ExternalFTPServer:21) <- ClientIP:53087      ESTABLISHED:ESTABLISHED

          So some traffic is going over the proxy and the external FTP server.

          Edit: Active mode works with this proxy, passive does not. Tested with a command line client on Linux.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.