Netgate Discussion Forum

    blocking passive ftp in LAN

      bmffsc

      Hi,

      Using 2.4.5-RELEASE, I have an FTP server working on LAN, pureftpd on linux 18.04. For remote access I've defined 1:1 NAT with my external IP address, and it is working without any problem; users can reach it and upload/download files without any problem.

      But when I try to reach it through the LAN, the FTP client does this:
      Status: Disconnected from server
      Status: Connecting to 192.168.1.253:21...
      Status: Connection established, waiting for welcome message...
      Status: Plain FTP is insecure. Please switch to FTP over TLS.
      Status: Logged in
      Status: Retrieving directory listing...
      Command: PWD
      Response: 257 "/" is your current location
      Command: TYPE I
      Response: 200 TYPE is now 8-bit binary
      Command: PASV
      Response: 227 Entering Passive Mode (XXX,XXX,XXX,XXX,156,215)
      Command: MLSD
      Error: Connection timed out after 20 seconds of inactivity
      Error: Failed to retrieve directory listing

      According to my passive FTP configuration file it's trying to connect to my WAN IP, but somehow it's failing.

      I did define LAN rules as: source any, destination MY_WAN_IP, destination port range any, but that didn't solve the problem. Also, if I don't use 1:1 NAT, external users have the same problem. My passive FTP uses 21,40110:40210; when I forward those ports to my server, both LAN & WAN users have the same problem. All other port forwardings to the same server work perfectly, but I'm stuck at plain FTP connections.

      What am I doing wrong here?

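Added example, not part of the original posts: a small Python check that decodes the `227` reply from the client log above and compares the advertised data endpoint with the control connection and the passive port range quoted in the post. The address `203.0.113.10` is a constructed stand-in for the masked WAN IP, and the function names are hypothetical.

```python
import ipaddress
import re

# Six comma-separated numbers in an FTP 227 reply: h1,h2,h3,h4,p1,p2 (RFC 959).
PASV_RE = re.compile(
    r"227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if it does not parse."""
    m = PASV_RE.search(reply)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    h1, h2, h3, h4, p1, p2 = nums
    return ipaddress.ip_address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2

def check_pasv(reply, control_ip, port_range):
    """Compare the advertised data endpoint with the control connection."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["reply is not a valid 227 response"]
    ip, port = parsed
    lo, hi = port_range
    findings = []
    if not lo <= port <= hi:
        findings.append(f"data port {port} is outside the passive range {lo}-{hi}")
    if ip != ipaddress.ip_address(control_ip):
        findings.append(
            f"data address {ip} differs from control address {control_ip}: "
            "the data connection takes a different path than the login did"
        )
    return findings

# Constructed sample: 203.0.113.10 stands in for the masked WAN address.
SAMPLE = "227 Entering Passive Mode (203,0,113,10,156,215)"
CONTROL_IP = "192.168.1.253"    # control connection address from the client log
PASSIVE_RANGE = (40110, 40210)  # passive range quoted in the post

if __name__ == "__main__":
    print(parse_pasv(SAMPLE))
    for finding in check_pasv(SAMPLE, CONTROL_IP, PASSIVE_RANGE):
        print("-", finding)
```

The two port bytes in the log, 156 and 215, decode to port 40151, which lies inside the configured range, so the only finding is the address mismatch between the control and data connections.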
        Gertjan

        Hi,

        When you connect to your FTP server on the same LAN as your device (PC), have this FTP client using Active mode (?).

        Another "without reading the pureftp manual" is: set up two FTP servers: one passive, accepting connections from the WAN (entire Internet) and another, running in active mode, accepting local connections. This second server should not use port "21" but a port like, for example, "2121". It's just for your own, local access.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          bmffsc @Gertjan

          @Gertjan
          When you connect to your FTP server on the same LAN as your device (PC), have this FTP client using Active mode (?). : active mode in LAN works just fine, but cannot log in through passive mode.

          A second FTP server to accept only LAN connections through 2121 seems like a good idea, let me work on that.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.