FTP client Proxy problems
I am trying to enable ftp client proxy package but sadly without success. I am using pfSense 2.3.3
We have pretty strict outgoing filtering which is blocking high outgoing ports.
- newest version FTP client proxy package 0.3_2 enabled
- enabled it only on LAN interface that users are connected to
- edited Source Address to be the same as users outgoing IP ( We have multi-wan with HA config, currently no wan load balancing tho)
- ticked Early Firewall Rule
- ticket Log Connections
When proxy is enabled, ftp isn't working at all ( even if all access is granted to client IP )
If I disable the package and set same firewall rules with user IP allowed all outgoing ports, things work.
Things I notices, no firewall rules are generated by package?
FTP proxy is listening on 127.0.0.1 8021 on firewall, is this correct ?
Thanks in advance
The rules generated by packages are not visible in the GUI. And yes, it is supposed to listen on localhost.
Any way to debug this rules?
I am seeing 127.0.0.1:8021 connection to destination ftp server on port 21.
Then another connection to my IP on random high pot ie. 35145 however no traffic seem to pass back me.
I would assume NAT isn't translating the traffic back to me.
I did traffic check on router and I got this connections:
WAN tcp WAN_IP:40578 (WAN_Virtual_IP:6304) -> ExternalFTPServer:21 ESTABLISHED:ESTABLISHED
LAN tcp ExternalFTPServer:61821 (ExternalFTPServer:53869) <- ClientIP:53088 FIN_WAIT_2:ESTABLISHED
WAN tcp WAN_Virtual_IP:38724 (ClientIP:53088) -> ExternalFTPServer:61821 ESTABLISHED:FIN_WAIT_2
LAN tcp 127.0.0.1:8021 (ExternalFTPServer:21) <- ClientIP:53087 ESTABLISHED:ESTABLISHED
So some traffic is going over proxy and extenral ftp server
Edit: Active mode works with this proxy, passive not. Tested with command line client on linux