pfSense is new for me



  • Hello, I'm new to working with pfSense and I need some help with the most basic thing: opening a port. I have set up the rule and the NAT so I can get from my WAN to the LAN on port 6010 (a random port, it could be any). I'm setting up FTP with FileZilla.

    I'm attaching screenshots of the rule and NAT to see if I'm missing something.

    I've seen all the videos on YouTube and I have tried pretty much everything, and nothing. If somebody can help me, I'd really appreciate it.

    Rule:
    Rules.jpg

    NAT:
    NAT.jpg

    Again, thanks to everyone


  • Netgate Administrator

    That looks OK. I assume it's not working?

    Check the state table for states open to 172.16.1.90 when you try to connect. Diagnostics > States.

    It could be TCP only but passing UDP isn't a problem.

    Steve



  • Hello Steve, you're correct, it's not working. Take a look at the states:

    States.jpg



  • @Raul-LunaBoza said in pfSense is new for me:

    Hello Steve, you're correct, it's not working. Take a look at the states:
    After I try to connect 3 times, it gives an "invalid credential" error... I already checked the user and pass and they are correct

    States.jpg


  • Netgate Administrator

    Ok if it's asking you for the login and giving errors the port forward is working fine. pfSense does not change that traffic at all.

    You can run a packet capture on the LAN and filter it by 172.12.1.90 and port 6010. Set it for 1000 packets. Then try to connect again.

    If it's plain FTP you will see exactly what is sent in the capture.

    When you connect to the server from a local client on the LAN, do those same credentials work?

    Steve



  • I managed to fix the connection to the server. The only thing I'm still having a problem with is the error when I'm connecting from outside the network.

    This is the error:
    425 Can't open data connection for transfer of "/"

    The test user has all the permissions and access to the folder, and has full control over anything inside that folder.

    What can I do?


  • Netgate Administrator

    Either it is handing out its internal IP to connect to and the client is not clever enough to correct that, or you haven't set up port forwards for the data port range.

    https://docs.netgate.com/pfsense/en/latest/nat/ftp-without-a-proxy.html#server-behind-pfsense

    Steve



  • Thanks for the help Stevennw10. Now, do I have to make any special configuration if I'm using port 22? I'm trying to connect from outside of the network and it is giving me the 425 error.

    I already opened the port and the passive ports, and I made a 1:1 NAT.

    Am I missing something in the configuration?


  • Netgate Administrator

    Port 22, so scp/ssh? Nothing special should be required.

    If you are still seeing that same error and the passive ports are open then the server is probably misconfigured and handing out its internal IP to connect to. And the client is not clever enough to see that and ignore it. The Filezilla client will do that for you.

    Steve
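
Added example, not part of the original thread: a small Python check for the two causes of the 425 error named in the replies above (the server advertising its internal IP, or a passive data port that is not forwarded). It parses the `227 Entering Passive Mode` reply shown in the FTP client log. The server address 172.16.1.90 is from the thread; the WAN address, the passive port range and the sample reply lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive reply: {reply!r}")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in: {reply!r}")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # data port = p1*256 + p2

def diagnose(reply, wan_ip, forwarded_ports):
    """List reasons an outside client could not open the data connection."""
    host, port = parse_pasv(reply)
    problems = []
    if host != ipaddress.IPv4Address(wan_ip):
        kind = "private" if host.is_private else "unexpected"
        problems.append(
            f"server advertises {kind} address {host}, not WAN {wan_ip}")
    if port not in forwarded_ports:
        problems.append(
            f"data port {port} is outside forwarded range "
            f"{forwarded_ports.start}-{forwarded_ports.stop - 1}")
    return problems

# Constructed values (assumptions, not from the thread).
WAN_IP = "203.0.113.10"               # documentation-range address
PASSIVE_PORTS = range(50000, 50101)   # range forwarded on the firewall
SAMPLES = [
    "227 Entering Passive Mode (172,16,1,90,195,80)",   # internal IP leaked
    "227 Entering Passive Mode (203,0,113,10,195,90)",  # correct
    "227 Entering Passive Mode (203,0,113,10,234,96)",  # port not forwarded
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line)
        for note in diagnose(line, WAN_IP, PASSIVE_PORTS) or ["ok"]:
            print("   ", note)
```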

