• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

FTP client Proxy problems

Scheduled Pinned Locked Moved Cache/Proxy
3 Posts 2 Posters 1.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rokk
    last edited by May 8, 2017, 12:48 PM

    Hello,

    I am trying to enable ftp client proxy package but sadly without success. I am using pfSense 2.3.3
    We have pretty strict outgoing filtering which is blocking high outgoing ports.

    My config:

    • newest version FTP client proxy package 0.3_2 enabled
    • enabled it only on LAN interface that users are connected to
    • edited Source Address to be the same as users outgoing IP ( We have multi-wan with HA config, currently no wan load balancing tho)
    • ticked Early Firewall Rule
    • ticket Log Connections

    When proxy is enabled, ftp isn't working at all ( even if all access is granted to client IP )
    If I disable the package and set same firewall rules with user IP allowed all outgoing ports, things work.

    Things I notices, no firewall rules are generated by package?
    FTP proxy is listening on 127.0.0.1 8021 on firewall, is this correct ?

    Any ideas?

    Thanks in advance

    1 Reply Last reply Reply Quote 0
    • D
      doktornotor Banned
      last edited by May 8, 2017, 2:24 PM

      The rules generated by packages are not visible in the GUI. And yes, it is supposed to listen on localhost.

      1 Reply Last reply Reply Quote 0
      • R
        rokk
        last edited by May 9, 2017, 12:55 PM May 9, 2017, 12:12 PM

        Any way to debug this rules?

        I am seeing 127.0.0.1:8021 connection to destination ftp server on port 21.
        Then another connection to my IP on random high pot ie. 35145 however no traffic seem to pass back me.
        I would assume NAT isn't translating the traffic back to me.

        I did traffic check on router and I got this connections:

        WAN tcp WAN_IP:40578 (WAN_Virtual_IP:6304) -> ExternalFTPServer:21      ESTABLISHED:ESTABLISHED
        LAN tcp ExternalFTPServer:61821 (ExternalFTPServer:53869) <- ClientIP:53088      FIN_WAIT_2:ESTABLISHED
        WAN tcp WAN_Virtual_IP:38724 (ClientIP:53088) -> ExternalFTPServer:61821      ESTABLISHED:FIN_WAIT_2
        LAN tcp 127.0.0.1:8021 (ExternalFTPServer:21) <- ClientIP:53087      ESTABLISHED:ESTABLISHED

        So some traffic is going over proxy and extenral ftp server

        Edit: Active mode works with this proxy, passive not. Tested with command line client on linux

        1 Reply Last reply Reply Quote 0
        1 out of 3
        • First post
          1/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received