Cannot access FTP server



  • Hi all,

    I configured pfSense with 3 WAN interfaces. The first interface (WAN) is connected to a wireless modem. So, it obtains its public IP address by DHCP from the ISP.
    The IP address of the second interface (ADSL1) is 10.2.0.1/16. It is connected to the LAN interface of an ADSL router/modem (Alcatel SpeedTouch), which has IP 10.2.0.2. The router's WAN interface obtains its public IP via DHCP from the ISP. ADSL1 is configured with gateway 10.2.0.2.
    The IP address of the third interface (ADSL2) is 10.3.0.1/16. It is connected to the LAN interface of another ADSL router/modem (Binatone), which has IP 10.3.0.2. The router's WAN interface obtains its public IP via DHCP from another ISP. ADSL2 is configured with gateway 10.3.0.2.

    The LAN interface of pfSense has IP 10.0.0.3/16. I've configured pfSense to route packets as follows:
    Packets with source IP 10.0.1.0/24 arriving on the LAN interface are routed to interface WAN.
    Packets with source IP 10.0.2.0/24 arriving on the LAN interface are routed to interface ADSL1.
    Packets with source IP 10.0.3.0/24 arriving on the LAN interface are routed to interface ADSL2.

    This seems to be working alright.
    I've tried surfing the web without any problem.
    However, whenever I try to access any FTP server using any FTP client, I get the following messages:
    1. Connected to server A.B.C.D
    2. You have been disconnected from the server.

    I get the second message immediately after the first one.
    I even got the first message quite fast and hence, it seems to me that the FTP client did not even connect to the FTP server in the first place.
    Enabling or disabling the FTP helper option did not make any change.
    Does this have to do with passive FTP connections?

    Any help is appreciated.



  • Turn on the FTP helper on each of the interfaces involved.



  • Will try that on Monday (at work) and post back.



  • Here is a summary of the tests I did:

    As I said above, I have 3 WAN interfaces (WAN, ADSL1 and ADSL2).
    I disconnected WAN and ADSL1. Only ADSL2 is up.

    I tried both enabling and disabling the "userland FTP-Proxy application", but without success.

    Status:  Connecting to ftp.freebsd.org
    Status:  Connected with ftp.freebsd.org. Waiting for welcome message...
    Error: Timeout detected!
    Error: Unable to connect!
    Status: Waiting to retry... (5 retries left)

    And this goes on and on...

    The second test I did is to have both the WAN and ADSL2 interfaces up.
    NB: The WAN interface is directly connected to a modem and hence, obtains a public IP directly. The ADSL2 interface has IP 10.3.0.1, is connected to the LAN interface (10.3.0.2) of an ADSL modem, which obtains a public IP from the ISP.
    That's the difference between these 2 interfaces.

    Now, the only active rule on the firewall, is to route packets with IP 10.0.3.0/24 to gateway 10.3.0.2, ie, to the ADSL modem/router connected to interface ADSL2. All other rules are disabled. My PCs IP is 10.0.3.103.
    When these 2 interfaces are up, the FTP traffic goes out via the WAN interface!!! Why? Normally, anything that isn't explicitly passed should be blocked by default (as stated on the Firewall: Rules page). This happens regardless of whether the "userland FTP-Proxy application" is enabled or disabled on the WAN and ADSL2 interfaces! However, the download speed seems to be faster when the "userland FTP-Proxy application" is disabled, ie, the "FTP Helper" check box is checked.

    So, there are 2 problems, firstly traffic that should be routed to interface ADSL2 is going out via WAN interface and secondly, FTP is not working properly.

    By the way, I'm using pfSense version BETA4, built on Mon May 8 22:37:25 UTC 2006.

    Any idea what the problem could be?
    What exactly is the "userland FTP-Proxy application" or the "FTP Helper"? What does it do?



  • FTP does not work with Dual Wans.  This is a FAQ.

    You need to route FTP thorugh the primary WAN.

    http://faq.pfsense.com/index.php?action=artikel&cat=1&id=142&artlang=en&highlight=ftp dual wan



  • OK. Will it be supported in future versions of pfSense?
    Actually, we mainly use our WAN links for FTP transfers at work!

    Can you tell me the function of the "userland FTP-Proxy application" or the "FTP Helper"?
    What do they do exactly?



  • @netsysadmin:

    OK. Will it be supported in future versions of pfSense?
    Actually, we mainly use our WAN links for FTP transfers at work!

    It depends on if someone can get http://article.gmane.org/gmane.os.openbsd.misc/103853 working.  We are currently busy with other tasks so I don't have time to devote to test this ATM.

    @netsysadmin:

    Can you tell me the function of the "userland FTP-Proxy application" or the "FTP Helper"?
    What do they do exactly?

    It punches holes in the firewall permitting the ftp traffic.  Once the wholes are punched traffic is no longer redirected to the userland helper.



  • OK. Just in case anyone does develop something regarding multi-wan FTP, I'm willing to do the tests.


Log in to reply