FTP client Proxy problems



  • Hello,

    I am trying to enable ftp client proxy package but sadly without success. I am using pfSense 2.3.3
    We have pretty strict outgoing filtering which is blocking high outgoing ports.

    My config:

    • newest version FTP client proxy package 0.3_2 enabled
    • enabled it only on LAN interface that users are connected to
    • edited Source Address to be the same as users outgoing IP ( We have multi-wan with HA config, currently no wan load balancing tho)
    • ticked Early Firewall Rule
    • ticket Log Connections

    When proxy is enabled, ftp isn't working at all ( even if all access is granted to client IP )
    If I disable the package and set same firewall rules with user IP allowed all outgoing ports, things work.

    Things I notices, no firewall rules are generated by package?
    FTP proxy is listening on 127.0.0.1 8021 on firewall, is this correct ?

    Any ideas?

    Thanks in advance


  • Banned

    The rules generated by packages are not visible in the GUI. And yes, it is supposed to listen on localhost.



  • Any way to debug this rules?

    I am seeing 127.0.0.1:8021 connection to destination ftp server on port 21.
    Then another connection to my IP on random high pot ie. 35145 however no traffic seem to pass back me.
    I would assume NAT isn't translating the traffic back to me.

    I did traffic check on router and I got this connections:

    WAN tcp WAN_IP:40578 (WAN_Virtual_IP:6304) -> ExternalFTPServer:21      ESTABLISHED:ESTABLISHED
    LAN tcp ExternalFTPServer:61821 (ExternalFTPServer:53869) <- ClientIP:53088      FIN_WAIT_2:ESTABLISHED
    WAN tcp WAN_Virtual_IP:38724 (ClientIP:53088) -> ExternalFTPServer:61821      ESTABLISHED:FIN_WAIT_2
    LAN tcp 127.0.0.1:8021 (ExternalFTPServer:21) <- ClientIP:53087      ESTABLISHED:ESTABLISHED

    So some traffic is going over proxy and extenral ftp server

    Edit: Active mode works with this proxy, passive not. Tested with command line client on linux


Log in to reply