Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP Proxy helper does not load on optional interface

    Scheduled Pinned Locked Moved NAT
    2 Posts 2 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      joans4nz
      last edited by

      Hi,

      I am testing pfSense 1.2.2, for some weeks with good results except with FTP Proxy helper. I have installed in a PC  with 3 NICs, sis0 for WAN, rl1 for LAN and rl0 for DMZ (Optional1), with FTP Proxy helper enabled (unchecked the option Disable the userland FTP-Proxy application) on LAN and DMZ (Optional1).

      For LAN and DMZ interfaces the first rule is allow traffic from any source port to 127.0.0.1, to any destination port. On DMZ subnet I have located my servers also my Kaspersky Antivirus Server.

      If a connection start from the LAN subnet to some FTP server, this connection work good, ftp commands work without errors. But, when I start a connection from the DMZ subnet to some FTP server and I run the dir command I get this response from the server:

      500 I won't open a connection to 192.168.3.6 (only to aaa.bbb.ccc.ddd)
      425 No data connection

      With this problem any tray to download from FTP server to DMZ subnet fail.

      I run the command "cat /tmp/rules.debug" to see the loaded rules and I get this:

      FTP Proxy/helper

      table <vpns>{ }
      no rdr on rl1 proto tcp from any to <vpns>port 21
      rdr on rl1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
      (En este caso no veo nada que le diga al FTP-Proxy helper la interfaz rl0)

      also

      rdr on rl1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021

      pass in quick on $DMZ proto tcp from 192.168.3.0/28 to { 127.0.0.1 } keep state label "USER_RULE: FTP-Proxy helper"
      pass in quick on $lan proto tcp from 10.10.0.0/16 to { 127.0.0.1 } keep state label "USER_RULE: FTP-Proxy helper"

      Does not exist rdr for rl0 interface.

      I install pfSense 1.2.3-RC1 and the problem was not fixed.

      How I can fix this problem?

      How I can load FTP Proxy helper for the optional interface? Can I use some command?

      Thanks for your help.

      joans4nz</vpns></vpns>

      1 Reply Last reply Reply Quote 0
      • T
        taunusstein.net
        last edited by

        pfsense FAQ e.g. says: "turn off ftp proxy", which solved problem for my application. If you use passive FTP, you should not turn in trouble. I think ftp proxy should be turned on by default, because it causes more trouble than running pfsense w/o ftp proxy.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.