server IP is not reachable problem ?



  • Want to access an FTP server which is running through a VPN server? With pfsense I can't access it, but without it I can access it easily.


  • Netgate Administrator

    Still more information needed! 😉

    Where is the FTP server? On an interface behind pfSense?

    Where are you testing from? A client connected to the VPN?

    How is the FTP server configured? Active or Passive mode? Encrypted?

    Steve



  • @stephenw10 said in server IP is not reachable problem ?:

    rypted

    FTP server is on Amazon AWS and using open vpn to connect to it.


  • Netgate Administrator

    Ok. Where is pfSense? Also in AWS? In front of the FTP server?

    @stephenw10 said in server IP is not reachable problem ?:

    How is the FTP server configured? Active or Passive mode? Encrypted?

    Steve



  • No, pfsense is not in AWS. Basically the bogon networks filter is blocking the private IP 172.x.x.x.


  • Netgate Administrator

    So the client you are trying to connect from is behind pfSense at some remote location?

    Is OpenVPN running on pfSense? To something else in AWS?

    Please explain exactly how this connection is set up, otherwise we are just guessing.

    Steve



  • Sorry for the short info. I am using an OpenVPN client on my desktop that is not configured via pfsense, and I am on the same network as the pfsense firewall. The main thing is that pfsense is blocking the IP address that I want to access, 172.X.X.X, which is blocked due to the block Bogon network rule. So is there any way that I can permit this IP to go through it?


  • Netgate Administrator

    Ok, so as I said in the other thread the 'block private networks' rule does not block outgoing connections.

    On top of that pfSense cannot 'see' that connection anyway because it's inside the OpenVPN tunnel. pfSense can only see the OpenVPN traffic between the client and whatever the server is it's connecting to.

    I assume you have an OpenVPN server in AWS? And the tunnel is coming up OK but you just can't connect to the FTP server through it?

    Steve



  • But after disabling the Bogon filter I can access 172.x.x.x. I don't know what the main issue is because I am new to pfsense. Can you just tell me the configuration rule that will pass this IP address?


  • Netgate Administrator

    Is it active FTP? That requires opening inbound connections.

    The Block Bogons rule only blocks traffic from unassigned or otherwise unused IP blocks.

    The Block Private Networks rule will block new inbound connections from private IPs including anything in 172.16/12.

    I'm still guessing here because you haven't said how the ftp server is configured or how the OpenVPN tunnel is configured.

    If it is using active FTP the server has to open the data connection back to the client. In that situation block private networks might come into play. However that traffic should still be inside the VPN tunnel where pfSense never sees it and therefore cannot block it.

    Steve



  • Yes, it is an active FTP server, and I didn't know about the VPN because I got the user name and password and instructions to install the VPN and access the FTP server.


  • Netgate Administrator

    Ok. The only way I could see that rule doing anything is if you were running the OpenVPN client on pfSense and had assigned it as an interface and had the rule on that interface.

    But as I understand it you are running the OpenVPN client on the client machine behind pfSense. In that situation pfSense never sees the FTP traffic inside the tunnel at all. And outbound OpenVPN traffic from the client will always be allowed no matter what the block rules are set to on WAN.

    Is it the FTP connection over the tunnel that fails or that the OpenVPN tunnel fails to connect?

    Steve
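
The rule behaviour described in the replies above, as an added example that is not part of the thread and is not pfSense code: a simplified Python model of a stateful WAN interface, showing that an active-FTP data connection carried inside the tunnel is judged only by its outer OpenVPN header, while the same 172.16/12 source arriving un-tunnelled is caught by "Block private networks" whether or not "Block bogons" is enabled. All addresses, the two-entry bogon table and the function names are constructed for illustration, and the model assumes the LAN rules already pass the client's outbound traffic.

```python
import ipaddress

# RFC 1918 ranges, the ones "Block private networks" matches on WAN.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed stand-in for the bogon table: reserved space, no RFC 1918.
BOGONS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "240.0.0.0/4")]

def wan_verdict(pkt, states, block_private=True, block_bogons=True):
    """Simplified model of a stateful WAN interface judging one packet."""
    seen = pkt.get("outer", pkt)   # tunnelled traffic: only the outer header is visible
    src, dst = seen["src"], seen["dst"]
    if seen["dir"] == "out":
        states.add((src, dst))     # outbound traffic is passed and creates a state
        return "pass (outbound)"
    if (dst, src) in states:
        return "pass (reply to existing state)"
    addr = ipaddress.ip_address(src)
    if block_private and any(addr in net for net in PRIVATE):
        return "block (private networks)"
    if block_bogons and any(addr in net for net in BOGONS):
        return "block (bogons)"
    return "block (default deny)"

# Constructed sample addresses: WAN 198.51.100.10, VPN server 203.0.113.5,
# tunnel client 172.31.0.6, FTP server 172.31.5.20.
TUNNEL_OUT = {"outer": {"dir": "out", "src": "198.51.100.10", "dst": "203.0.113.5"},
              "inner": {"src": "172.31.0.6", "dst": "172.31.5.20"}}
FTP_DATA_IN = {"outer": {"dir": "in", "src": "203.0.113.5", "dst": "198.51.100.10"},
               "inner": {"src": "172.31.5.20", "dst": "172.31.0.6"}}
BARE_PRIVATE_IN = {"dir": "in", "src": "172.31.5.20", "dst": "198.51.100.10"}

def demo():
    states = set()
    return [
        wan_verdict(TUNNEL_OUT, states),        # client opens the VPN
        wan_verdict(FTP_DATA_IN, states),       # active-FTP data, inside the tunnel
        wan_verdict(BARE_PRIVATE_IN, states),   # same source, not tunnelled
        wan_verdict(BARE_PRIVATE_IN, states, block_bogons=False),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```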

