pfSense is new for me

Raul LunaBoza

Hello, i'm new working with pfSense, and I need some help, with the most basic think, open a port, I have set up the rule and the NAT so i can get from my WAN to the LAN with the port 6010 (random port, it could be any), I'm setting up a FTP with FileZilla,

i'm attaching the screen of the rule and NAT and see if i'm missing something

I've seen all the videos on youtube and i have try pretty much everything and nothing, of some body can help me i really appreciate

Rule:

NAT:

Again Thanks to everyone

stephenw10

That looks OK. I assume it's not working?

Check the state table for states open to 172.16.1.90 when you try to connect. Diagnostics > States.

It could be TCP only but passing UDP isn't a problem.

Steve

Raul LunaBoza

Hello Steve, you're correct is not working, take a look of the states

Raul LunaBoza

@Raul-LunaBoza said in pfSense is new for me:

Hello Steve, you're correct is not working, take a look of the states
After i try to connect 3 times,give a error of "invalid credential"... I already check the user and pass and they are correct

stephenw10

Ok if it's asking you for the login and giving errors the port forward is working fine. pfSense does not change that traffic at all.

You can run a packet capture on the LAN and filter it by 172.12.1.90 and port 6010. Set it for 1000 packets. Then try to connect again.

If it's plain FTP you will see exactly what is sent in the capture.

When you connect to the server from a local client on the LAN those same credentials work?

Steve

Raul LunaBoza

I manage to fix the connection to the server the only thing, the i'm still having problem is the error when i'm connecting from outside the network

These is the error:
425 Can't open data connection for transfer of "/"

The test user, as all the permission and access to the folder, and as full control over anything inside that folder

what can i do?

stephenw10

Either it is handing out it's internal IP to connect to and the client is not clever enough to correct that or you haven't setup port forwards for the data port range.

https://docs.netgate.com/pfsense/en/latest/nat/ftp-without-a-proxy.html#server-behind-pfsense

Steve

Raul LunaBoza

Thanks for The help Stevennw10, now do i have to take or make any special configuration if i'm using port 22? I'm trying to connect from out site of the network and is giving me the 425 error.

I already open the port, and the passive ports, y made a 1:1 nat

do I'm missing something in he configuration?

stephenw10

Port 22, so scp/ssh? Nothing special should be required.

If you are still seeing that same error and the passive ports are open then the server is probably misconfigured and handing out it's internal IP to connect to. And the client is not clever enough to see that and ignore it. The Filezilla client will do that for you.

Steve