2.2 passive FTP
-
2.2-RELEASE immediately drops control connection to ftp-server (tcp/21) when command 'PASV' is passed through it:
C:> telnet ftp-server 21
220 (vsFTPd 3.0.2)
USER user
331 Please specify the password.
PASS password
230 Login successful.
PASVConnection to host lost.
Wireshark show TCP RST after "PASV send" packet. vsftpd supports passive mode for sure and it's working from LAN (inside). "Port forward" for range exist (20000-20999 in our case), but there's no difference in behaviour whether "port forward" exist or not.
What we can made it work back?
-
https://doc.pfsense.org/index.php/FTP_without_a_Proxy
-
https://doc.pfsense.org/index.php/FTP_without_a_Proxy
Please read topic carefully, especially "Port forward for range exist" sentense. Of course I had already read mentioned article. So it's not about settings (either vsftpd or pfsense), it's about pfsense bug with Wireshark as acknowledge.
-
There's no such bug. Go re-read the article and fix your FTP server configuration.
-
There's no such bug. Go re-read the article and fix your FTP server configuration.
As I already said doesn't matter any server configuration (both meanings: "any config", "any server", tried several ftp servers either Linux or Windows). "PASV" control packet resulted immediately TCP RST from pfSense w/o even passing "PASV" to internal IP (rep: Wireshark).
-
Sucks to be you.
USER test 331 Password required for test PASS s3cr3t 230 User test logged in CWD /public 250 CWD command successful PASV 227 Entering Passive Mode (188,75,xxx,xxx,218,171). PWD 257 "/public" is the current directory QUIT 221 Goodbye.
-
Off,
If this is any help to you I have a passive FTP server working too. I'm using Filezilla running on Windows Server 2003. I would just verify that your server knows what its public IP address is, in my case I use dynamic DNS for that.
-
So your trying to ftp working with telnet?
"telnet ftp-server 21"
-
So your trying to ftp working with telnet?
"telnet ftp-server 21"
Good catch didn't see that, usually the simplest answer is the correct one. Unless he just made a typo.