Portforwarding FTP not work



  • Hi@all,

    I use PFSense as a gateway for my local network. In the WAN PFSense has a fixed IPv4 (example: 10.20.30.40). In the LAN PFSense has the address 192.168.24.254. The dial-up to the internet is done with PPPoE. This also works.

    In the LAN there is an FTP server (IP: 192.168.24.7). From the LAN I can easily access this server via FTP (with username + password). To access from the internet via FTP I have set up a rule for FTP at PFSense -> NAT -> Port forwarding:

    16bcf7ad-4cba-49d6-8533-cf58f902d86b-grafik.png

    Now I try to access the FTP server from outside and watch the logfile on the FTP server at the same time. There I see that the user is successfully authenticated but then nothing happens. The connection is established.

    Jan 06 10:55:53 web01 vsftpd[1353]: pam_sss(vsftpd:auth): authentication success; logname= uid=0 euid=0 tty=ftp ruser=webftp rhost=100.xx.100.yy user=webftp
    

    Until sometime at the external client the message:

    Warning 425 Faild to establish connection

    is output. What am I doing wrong?

    best regards



  • @pixel24 said in Portforwarding FTP not work:

    he dial-up to the internet is done with PPPoE. This also works.
    In the LAN there is an FTP server (IP: 192.168.24.7). From the LAN I can easily access this server via FTP (with username + password). To access from the internet via FTP I have set up a rule for FTP at PFSense -> NAT -> Port forwarding:

    Use SFTP rather than FTP if you can.

    Try installing FTP_Client_Proxy



  • @NogBadTheBad said in Portforwarding FTP not work:

    Use SFTP rather than FTP if you can.

    Yes, I will. FTP (without "s") is only for testing purposes :-)

    @NogBadTheBad said in Portforwarding FTP not work:

    Try installing FTP_Client_Proxy

    I will try out



  • sftp is another protocol.
    For ftp to work you also need port 20, for ftp-data.
    And then you also need a range of ports for connection
    ftp passive (and a server that supports it) is a better option, but still ftp is a "broken" protocol in todays natted world.



  • Also do you have firewall rules on the WAN ?


Log in to reply