FTP Proxy helper does not load on optional interface


  • Hi,

    I have been testing pfSense 1.2.2 for some weeks with good results, except with the FTP Proxy helper. I have installed it on a PC with 3 NICs: sis0 for WAN, rl1 for LAN and rl0 for DMZ (Optional1), with the FTP Proxy helper enabled (I unchecked the option "Disable the userland FTP-Proxy application") on LAN and DMZ (Optional1).

    For the LAN and DMZ interfaces, the first rule allows traffic from any source port to 127.0.0.1, to any destination port. On the DMZ subnet I have located my servers and also my Kaspersky Antivirus Server.

    If a connection starts from the LAN subnet to some FTP server, the connection works well and FTP commands work without errors. But when I start a connection from the DMZ subnet to some FTP server and I run the dir command, I get this response from the server:

    500 I won't open a connection to 192.168.3.6 (only to aaa.bbb.ccc.ddd)
    425 No data connection

    With this problem, any attempt to download from an FTP server to the DMZ subnet fails.

    I ran the command "cat /tmp/rules.debug" to see the loaded rules and I got this:

    FTP Proxy/helper

    table <vpns> { }
    no rdr on rl1 proto tcp from any to <vpns> port 21
    rdr on rl1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    (In this case I do not see anything that tells the FTP-Proxy helper about the rl0 interface)

    also

    rdr on rl1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021

    pass in quick on $DMZ proto tcp from 192.168.3.0/28 to { 127.0.0.1 } keep state label "USER_RULE: FTP-Proxy helper"
    pass in quick on $lan proto tcp from 10.10.0.0/16 to { 127.0.0.1 } keep state label "USER_RULE: FTP-Proxy helper"

    There is no rdr for the rl0 interface.

    I installed pfSense 1.2.3-RC1 and the problem was not fixed.

    How can I fix this problem?

    How can I load the FTP Proxy helper for the optional interface? Can I use some command?

    Thanks for your help.

    joans4nz
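
A quick way to confirm the diagnosis in the post above, as an added example that is not part of the thread or of pfSense: the function scans a saved copy of `/tmp/rules.debug` for the FTP redirect on each interface where the helper is enabled and prints the interfaces that lack it. The function names and the sample file are assumptions; the sample lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not pfSense code): report which interfaces lack the
# FTP-proxy redirect in a pf ruleset dump such as /tmp/rules.debug.

# missing_ftp_rdr RULES_FILE IFACE...
# Prints each IFACE with no "rdr on IFACE ... port 21 -> 127.0.0.1 port 8021".
missing_ftp_rdr() {
    rules=$1; shift
    for ifc in "$@"; do
        awk -v ifc="$ifc" '
            # "no rdr" lines are exemptions, not redirects: their first
            # field is "no", so they never satisfy this pattern.
            $1 == "rdr" && $2 == "on" && $3 == ifc &&
            /port 21 -> 127\.0\.0\.1 port 8021/ { found = 1 }
            END { exit !found }
        ' "$rules" || echo "$ifc"
    done
}

# Constructed sample: the rdr and pass lines quoted in the post above.
sample_rules() {
    cat <<'EOF'
table <vpns> { }
no rdr on rl1 proto tcp from any to <vpns> port 21
rdr on rl1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass in quick on $DMZ proto tcp from 192.168.3.0/28 to { 127.0.0.1 } keep state label "USER_RULE: FTP-Proxy helper"
pass in quick on $lan proto tcp from 10.10.0.0/16 to { 127.0.0.1 } keep state label "USER_RULE: FTP-Proxy helper"
EOF
}

# Check the two interfaces where the helper was enabled (LAN=rl1, DMZ=rl0).
tmp=$(mktemp)
sample_rules > "$tmp"
missing_ftp_rdr "$tmp" rl1 rl0
rm -f "$tmp"
```

On the firewall itself, pass `/tmp/rules.debug` as the first argument instead of the sample file.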


  • The pfSense FAQ, for example, says: "turn off ftp proxy", which solved the problem for my application. If you use passive FTP, you should not run into trouble. I think ftp proxy should be turned on by default, because it causes more trouble than running pfSense w/o ftp proxy.