• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

FTP: What's the difference between pftpx and ftpsesame and when are they used?

Scheduled Pinned Locked Moved General pfSense Questions
6 Posts 3 Posters 9.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    Juve
    last edited by Apr 21, 2008, 9:15 PM Apr 21, 2008, 7:04 PM

    Hi all,

    Why is there two types of ftp helpers ? I have a cluster on wich I can see runing pftpx and ftpsesame. What is the thing making pfsense choose wich ftp helper has to be started ? (I do not have any bridged interface)
    Thx

    1 Reply Last reply Reply Quote 0
    • H
      hoba
      last edited by Apr 21, 2008, 7:52 PM

      Do you have a routed interface (without nat)? ftpsesame is used for bridged and routed interfaces iirc.

      1 Reply Last reply Reply Quote 0
      • J
        Juve
        last edited by Apr 21, 2008, 8:01 PM

        I have just spotted how it works by reading the code. If it doesn't find a nat rule for the subnet on the interface it runs ftpsesame instead of pftpx.
        I was wondering why my active ftp connexion wasn't working… it's because my LAN interface isn't in my LAN subnet but in a small /29 used for transport between the corporate network concentrator (which is the central and unique router for many rfc1918 networks) and the firewall cluster. Because it is only used for transport I had no outgoing NAT rule thus pfsense didn't start pftpx. I've just added a dumb NAT rule in order to make the pftpx start.

        Good thing to know in such a configuration.
        Hope this will help other people.

        1 Reply Last reply Reply Quote 0
        • S
          sullrich
          last edited by Apr 21, 2008, 9:12 PM

          I made this a sticky.  Can you change the subject to something a bit more descriptive for future folks?  :)

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by Apr 21, 2008, 9:16 PM

            @sullrich:

            I made this a sticky.  Can you change the subject to something a bit more descriptive for future folks?  :)

            Done

            1 Reply Last reply Reply Quote 0
            • J
              Juve
              last edited by Apr 23, 2008, 1:43 PM

              While we are talking about FTP Helper. I want to share another trick.

              When you have a WAN using a private subnet and a DMZ using a public subnet.
              You will certainly have an advanced outbound NAT rule that will NAT outgoing packets sourced from LAN with an IP address from the DMZ public subnet thus making the packet routable through Internet. Right, but what about FTP and Active FTP ? FTP helpers won't work because they will use your WAN IP Address, which is unreachable, inside FTP protocol. (eg. PORT command).

              To solve this:

              Edit the /etc/inc/config.inc file and go to line 1670 (in the 1.2 release), should looks like this one :

              mwexec("/usr/local/sbin/pftpx {$shaper_queue}-c {$port} -g 8021 {$ip}");

              Comment out this line and add this one:

              mwexec("/usr/local/sbin/pftpx {$shaper_queue}-c {$port} -g 8021 -p [PUBLICIPHERE]");

              Should work fine.

              I have 10+ boxes running like this since pfsense uses pftpx.

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received