Unable to connect to passive ftp

  • Hi,
    I have pfSense installed in my LAN network. Whenever I try to connect to the FTP of my cloud servers (mainly AWS servers), they give the following error in FileZilla:

    " Server sent passive reply with unroutable address. Using server address instead. "


  • LAYER 8 Global Moderator

    So your servers in AWS are sending an RFC 1918 address, most likely because they are behind a NAT as well.  Have their FTP send the correct public IP address and that error goes away.  This has ZERO to do with pfSense.

  • Thanks johnpoz for the quick reply.

    I am able to connect to the server via FTP when I am not under pfSense. The problem is somewhere in pfSense.

  • LAYER 8 Netgate

    No, it isn't.

  • LAYER 8 Global Moderator

    No, sorry, it's not.. Unless you're blocking outbound ports and only allowing specific ports.. pfSense doesn't have anything to do with your client's connection to some box on the internet via some high port..

    Out of the box, with the LAN any-any rule, you're going to be able to do passive FTP… If you locked down pfSense to prevent outbound traffic on high ports, then sure, it could be an issue connecting to a passive FTP server.. But the error you gave from your FileZilla client has ZERO to do with pfSense, ZERO... That is the server sending some RFC 1918 address vs its actual public IP.  This is because the server is also behind a NAT..

    " Server sent passive reply with unroutable address. Using server address instead. "

    This needs to be corrected at the server, but your client like filezilla can handle such nonsense.  Which again is not related to pfsense..

    Here is the advice I give to pretty much anyone asking a FTP question.. First step is to actually understand how ftp works.. Which seems to be everyone asking questions about it doesn't have a clue ;)  People that understand how it works never have any issues... heheeh

    Here is a great link to get you started.

    Why don't you turn on detailed logging in FileZilla and then connect to some FTP server you're trying to talk to on the data channel with passive... So here I just hit ftp.freebsd.org - when I do a directory listing via passive you can see the IP the server sends me and the port.. 1st 4 numbers are the IP, the next 2 numbers are the port via 218*256 + 26 or port 55834
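
The port arithmetic and the unroutable-address check described in the post above, as an added example that is not part of the original thread. The reply strings and the addresses 10.0.1.25 and 203.0.113.10 are constructed, and the fallback rule in `data_endpoint` is an assumption modelled on the FileZilla message quoted in the thread, not FileZilla's own code.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly: ipaddress.is_private also flags
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227\b.*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_pasv(reply):
    """Parse '227 ... (h1,h2,h3,h4,p1,p2)' into (IPv4Address, port)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % reply)
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2


def is_rfc1918(ip):
    """True if ip falls inside one of the three RFC 1918 private ranges."""
    return any(ip in net for net in RFC1918)


def data_endpoint(reply, control_ip):
    """Return (host, port, replaced) for the data connection.

    Assumed fallback, modelled on the FileZilla message: if the reply
    carries an RFC 1918 address but the control connection went to a
    public address, connect to the control address instead.
    """
    ip, port = parse_pasv(reply)
    control = ipaddress.ip_address(control_ip)
    if is_rfc1918(ip) and not is_rfc1918(control):
        return str(control), port, True
    return str(ip), port, False


if __name__ == "__main__":
    # Constructed replies; 203.0.113.10 is a documentation address.
    for line in ("227 Entering Passive Mode (10,0,1,25,218,26).",
                 "227 Entering Passive Mode (203,0,113,10,195,80)."):
        print(line, "->", data_endpoint(line, "203.0.113.10"))
```

A `replaced` value of `True` is the case the FileZilla message reports: the server behind NAT advertised its private address in the 227 reply.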

  • LAYER 8 Netgate

    Quick. If you are going to blame pfSense describe the passive FTP process without google, etc or wikipedia.
