Netgate Discussion Forum

    server IP is not reachable problem ?

    • krishan

      I want to access an FTP server which is running through a VPN server. With pfSense I can't access it, but without it I can access it easily.

      • stephenw10 Netgate Administrator

        Still more information needed! 😉

        Where is the FTP server? On an interface behind pfSense?

        Where are you testing from? A client connected to the VPN?

        How is the FTP server configured? Active or Passive mode? Encrypted?

        Steve

        • krishan

          @stephenw10 said in server IP is not reachable problem ?:

          rypted

          The FTP server is on Amazon AWS and I am using OpenVPN to connect to it.

          • stephenw10 Netgate Administrator

            Ok. Where is pfSense? Also in AWS? In front of the FTP server?

            @stephenw10 said in server IP is not reachable problem ?:

            How is the FTP server configured? Active or Passive mode? Encrypted?

            Steve

            • krishan

              No, pfSense is not in AWS. Basically the bogon networks filter is blocking the private IP 172.x.x.x.

              • stephenw10 Netgate Administrator

                So the client you are trying to connect from is behind pfSense at some remote location?

                Is OpenVPN running on pfSense? To something else in AWS?

                Please explain exactly how this connection is set up, otherwise we are just guessing.

                Steve

                • krishan

                  Sorry for the short info. I am using an OpenVPN client on my desktop that is not configured via pfSense, and I am on the same network as the pfSense firewall. The main thing is that pfSense is blocking the IP address that I want to access, 172.X.X.X, which is blocked due to the block bogon networks rule. So is there any way that I can permit this IP to go through it?

                  • stephenw10 Netgate Administrator

                    Ok, so as I said in the other thread the 'block private networks' rule does not block outgoing connections.

                    On top of that pfSense cannot 'see' that connection anyway because it's inside the OpenVPN tunnel. pfSense can only see the OpenVPN traffic between the client and whatever the server is it's connecting to.

                    I assume you have an OpenVPN server in AWS? And the tunnel is coming up OK but you just can't connect to the FTP server through it?

                    Steve

                    • krishan

                      But after disabling the bogon filter I can access 172.x.x.x. I don't know what the main issue is because I am new to pfSense. Can you just tell me the configuration rule that will pass this IP address?

                      • stephenw10 Netgate Administrator

                        Is it active FTP? That requires opening inbound connections.

                        The Block Bogons rule only blocks traffic from unassigned or otherwise unused IP blocks.

                        The Block Private Networks rule will block new inbound connections from private IPs including anything in 172.16/12.

                        I'm still guessing here because you haven't said how the ftp server is configured or how the OpenVPN tunnel is configured.

                        If it is using active FTP the server has to open the data connection back to the client. In that situation block private networks might come into play. However, that traffic should still be inside the VPN tunnel where pfSense never sees it and therefore cannot block it.

                        Steve

                        • krishan

                          Yes, it is an active FTP server, and I didn't know about the VPN because I got the user name and password and instructions to install the VPN and access the FTP server.

                          • stephenw10 Netgate Administrator

                            Ok. The only way I could see that rule doing anything is if you were running the OpenVPN client on pfSense and had assigned it as an interface and had the rule on that interface.

                            But as I understand it you are running the OpenVPN client on the client machine behind pfSense. In that situation pfSense never sees the FTP traffic inside the tunnel at all. And outbound OpenVPN traffic from the client will always be allowed no matter what the block rules are set to on WAN.

                            Is it the FTP connection over the tunnel that fails or that the OpenVPN tunnel fails to connect?

                            Steve
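
Added example (not part of the thread, and not pfSense's own code): a small Python model of the reasoning in the replies above, showing when a "Block private networks" rule can match the data connection that an active FTP server opens back to the client. The addresses, the interface names and the RFC 1918-only range list are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the rule is modelled as matching RFC 1918 sources only.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Seen:
    """A packet as the firewall's rule engine sees it."""
    iface: str         # interface it arrives on (hypothetical names)
    src: str           # source address in the header the firewall can read
    new_inbound: bool  # True if it would create a new inbound state

def ftp_data_as_seen(inner_src, vpn_server_ip, vpn_client_on_firewall):
    """Active FTP: the server opens the data connection back to the client."""
    if vpn_client_on_firewall:
        # Tunnel ends on the firewall: the decrypted packet arrives on the
        # assigned OpenVPN interface as a new inbound connection.
        return Seen("OPENVPN", inner_src, True)
    # Tunnel ends on the desktop: only the encrypted outer packet is visible,
    # and it is a reply on the state the client's outbound tunnel created.
    return Seen("WAN", vpn_server_ip, False)

def blocked_by_private_rule(pkt, ifaces_with_rule):
    """True if a 'block private networks' rule on those interfaces matches."""
    if pkt.iface not in ifaces_with_rule or not pkt.new_inbound:
        return False
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in PRIVATE_NETS)

if __name__ == "__main__":
    FTP_SERVER = "172.16.5.10"  # constructed sample address
    VPN_SERVER = "203.0.113.7"  # constructed sample (documentation range)
    cases = [(False, {"WAN"}), (True, {"WAN"}), (True, {"WAN", "OPENVPN"})]
    for on_fw, rule_ifaces in cases:
        pkt = ftp_data_as_seen(FTP_SERVER, VPN_SERVER, on_fw)
        print(on_fw, sorted(rule_ifaces), pkt,
              blocked_by_private_rule(pkt, rule_ifaces))
```

Only the third case, with the tunnel terminating on the firewall and the rule on the assigned interface, reports a block. Not every 172.x.x.x address is private either: the range is 172.16.0.0 through 172.31.255.255.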
