FTP-Helper translating FTP PORT command problem



  • Hi all

    I have been doing quite a bit of reading and my own investigation of this problem.

    I have an FTP client behind a pfsense Firewall (Tried Stable and RC3 release) trying to access a FTP server on the internet which isn't set up for passive connections.  I have no control over the server and can't convince them to enable passive connections.

    Currently we have a smoothwall express system in production but we are trying to move for some of the improved features in pfsense.

    After much investigation and setting up a FTP server I do control, I can see what is going on.

    Our network config is like so:

    Client -> pfsense -> DSL Modem -> Internet -> FTP Server

    The FTP Client is failing by reporting an illegal PORT command, which it is reporting as the internal IP of the machine the client is running on.

    Looking in the FTP logs I can see that the FTP Server is seeing the PORT command as having the WAN IP of the pfsense machine, which is still an internal IP, and so fails again.  The smoothwall firewall is translating the PORT command with the actual external IP of the Modem, which it must be working out itself, which is why it is currently working.

    In my testing I have tried killing off all the pftpx instances and running it manually with the command:
    pftpx -b <external_ip> -c 8021 -g 8021

    But that and everything else I have tried errors with
    bind failed: Can't assign requested address

    I know I could get a modem that would translate the PORT command yet again, but that feels like admitting defeat at this point and finding a solution would make a lot of people really happy from what I have read on the boards.

    Any and all help appreciated, thanks
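
An added illustration of the double-NAT case described in the post above (not code from the thread, pfSense or pftpx): it parses an active-mode PORT command and shows which rewritten form a server would accept. The sample addresses and the server policy (PORT address must match the control connection's source) are assumptions.

```python
import ipaddress

# Constructed sample addresses (not from the thread): LAN client, pfSense WAN
# address on the modem's private segment, and the modem's public address.
CLIENT_LAN, PFSENSE_WAN, MODEM_PUBLIC = "192.168.1.50", "10.0.0.2", "203.0.113.7"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    verb, _, arg = line.strip().partition(" ")
    fields = arg.split(",")
    if verb.upper() != "PORT" or len(fields) != 6:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(f) for f in fields]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("field out of range: %r" % line)
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def helper_rewrite(line, outside_ip):
    """Rewrite the address in PORT to outside_ip (port kept as-is for simplicity)."""
    _, port = parse_port(line)
    return "PORT %s,%d,%d" % (outside_ip.replace(".", ","), port >> 8, port & 0xFF)

def server_accepts(line, control_peer_ip):
    """Assumed server policy: PORT address must equal the control connection's source."""
    return parse_port(line)[0] == ipaddress.IPv4Address(control_peer_ip)

def walk_path(client_cmd):
    """Return (stage, command, address_is_rfc1918, server_accepts) for each case."""
    cases = [
        ("no rewrite", client_cmd),
        ("rewritten to pfSense WAN", helper_rewrite(client_cmd, PFSENSE_WAN)),
        ("rewritten to public IP", helper_rewrite(client_cmd, MODEM_PUBLIC)),
    ]
    rows = []
    for stage, cmd in cases:
        addr = parse_port(cmd)[0]
        private = any(addr in net for net in RFC1918)
        # The server sees the control connection arrive from the modem's public IP.
        rows.append((stage, cmd, private, server_accepts(cmd, MODEM_PUBLIC)))
    return rows

if __name__ == "__main__":
    for row in walk_path("PORT 192,168,1,50,19,137"):
        print(row)
```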



  • edit: ignore me. i cannot read right..


  • Banned

    It would be nice with an FTP guide, when using alternate ports…

    It only handles FTP on port 21. And it is bloody difficult to get FTP going on alternate ports within PFSense....



  • I'm not even using alternate ports

    The 8021 port numbers listed just seem to be the ports pftpx uses by default.  Which is supported by the ftp-troubleshooting guide which suggests opening 8000-8030 on 127.0.0.1

    Really just need a check box instructing the PFSense to try to determine the actual external IP and then to launch pftpx with instructions to re-write PORT commands with that IP Address

    I tried to do this manually in the config but it kept on complaining it couldn't bind to that address….  Which suggests it was trying to listen on that address (possibly for the FTP data connection) which would also need to be tweaked so it always just binds to the WAN connection I guess.


  • Banned

    I am having trouble with getting PFsense to forward the original IP address of the client, instead of the PFsense LAN IP….

    I have followed the guide, but to no avail.....

