    FTP… oh what a thorn in my side

    2.0-RC Snapshot Feedback and Problems - RETIRED
      cr_hyland last edited by

      What is the deal with FTP? It was a nightmare in 1.2.x and I had massive hopes 2.0 would resolve all of the issues, but no. I have used many different software and hardware firewalls over the years, and although I have converted every firewall at my customers' sites to pfSense I still can't get used to the fact that FTP is for the most part broken or very troublesome.
      I absolutely love pfSense and am even using 2.0 alpha for a bunch of 16 webservers (I know I've been warned not to) but I still see little hope of FTP working properly.

      I have 3 interfaces

      wan
      lan
      webservers

      wan and webservers are bridged.

      I have created rules to allow port 20 and 21 in on the wan interface to the webservers but no ftp traffic gets through, regardless of whether the clients are using passive or active ftp.
      If I open all ports on the firewall ftp works fine.

      Clients get as far as entering the username and password but cannot create the data connection after that.

      There were similar problems with 1.2.x, hence the reason for upgrading to 2.0 to try and resolve this.

      Any help would be much appreciated.
      And keep up the good work. 2.0 is going to be a cracker :-)

        eri-- last edited by

        Can you get me a tcpdump on this machine with full packet headers?
        A command like:
        tcpdump -i $int -vvvXs 0 tcp

          rpsmith last edited by

          General FTP Setup:

          WAN Rule: | Pass | WAN | TCP | * | * | FTP-Server | port 21 | (NAT rule also required if not bridging).
          LAN Rule for outbound port 20 only required if you do not have a default LAN to any rule.

          For passive mode you will need a WAN rule to pass a TCP port range to your FTP-Server.
          I usually use 50200-50215.  You might need to make this range larger if you have lots of concurrent users.
          WAN Rule: | Pass | WAN | TCP | * | * | FTP-Server | port 50200-50215 | (NAT rule also required if not bridging).

          And finally you will also need to configure your FTP-Server's Passive Port Range to reflect the same port range used above and tell your FTP-Server what its public IP is.

          rpsmith…
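
Added example, not part of rpsmith's post: a Python check of an FTP server's passive-mode reply against the setup described above. It parses the 227/229 line from a client log and reports when the advertised port falls outside the 50200-50215 range opened on WAN, or when the advertised address is not the public IP. The address 203.0.113.10, the sample replies and the function names are constructed for illustration.

```python
import ipaddress
import re

# Passive range from the post above; the public address is a constructed
# documentation value (RFC 5737), not taken from the thread.
PASV_MIN, PASV_MAX = 50200, 50215
PUBLIC_IP = "203.0.113.10"

_PASV = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")

def parse_passive_reply(line):
    """Return (ip_or_None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = _PASV.match(line)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            raise ValueError("octet out of range: " + line)
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = _EPSV.match(line)
    if m:
        # EPSV carries only a port; the client reuses the control-connection address.
        return None, int(m.group(2))
    raise ValueError("not a passive-mode reply: " + line)

def check_passive_reply(line, public_ip=PUBLIC_IP, lo=PASV_MIN, hi=PASV_MAX):
    """List the reasons a client's data connection to this endpoint would fail."""
    ip, port = parse_passive_reply(line)
    problems = []
    if not lo <= port <= hi:
        problems.append(f"port {port} outside firewall range {lo}-{hi}")
    if ip is not None and ip != public_ip:
        kind = "private" if ipaddress.ip_address(ip).is_private else "unexpected"
        problems.append(f"server advertises {kind} address {ip}, not {public_ip}")
    return problems

# Constructed sample replies, as they would appear in a client log.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,196,30)",  # 196*256+30 = 50206
    "227 Entering Passive Mode (192,168,1,20,196,30)",  # internal address advertised
    "227 Entering Passive Mode (203,0,113,10,234,96)",  # 234*256+96 = 60000
    "229 Entering Extended Passive Mode (|||50215|)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_passive_reply(s) or "ok")
```

An empty list means the reply matches both the firewall range and the public address; anything else names the setting on the FTP server that needs correcting.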

            nocer last edited by

            just wondering if the proxy runs correctly…

            cheers,

              eri-- last edited by

              There is no proxy on 2.0; it is handled in kernel.
              That is why I need the tcpdump.

              In 2.0 for the LAN rule you need it the WAN no. Though now that I remember it will work only on NAT cases and that is why it does not work on the bridge case. I will take a look later on to see if I can fix even that case.

                cr_hyland last edited by

                I will get the tcp dump and post in a couple of minutes…

                So currently 2.0 doesn't support ftp on the bridged interface, is that correct or did I pick it up wrong?

                Also, I've just tried using FileZilla as my ftp client and in passive mode it gets as far as MLSD then connection timed out. Cannot retrieve directory listing.

                Cheers for all the replies..

                  vorgusa last edited by

                  Did you try using the FTP helper for the WAN or webserver interfaces?

                    cr_hyland last edited by

                    There is no ftp helper in 2.0 latest builds to my knowledge..
