Netgate Discussion Forum

Ftp only works port connection type not passive

    rsw686
    last edited by Sep 13, 2006, 11:56 PM

    Is there something I am missing? FTP works only with the port connection type. Thus if I try and pull it up in Firefox, etc., which use passive connections, it will not connect.

    Here's the error using passive mode. Seems that pftpx is not giving out the LAN IP address for the client to connect to.

    COMMAND:> PASV
    227 Entering Passive Mode (10,10,1,15,149,86)
    COMMAND:> LIST
    STATUS:>  Connecting ftp data socket 10.10.1.15:38230…

      hoba
      last edited by Sep 13, 2006, 11:57 PM

      In case you run anything older than this please upgrade: http://pfsense.com/~sullrich/1.0-SNAPSHOT-09-12-06/

        rsw686
        last edited by Sep 14, 2006, 5:02 AM

        @hoba:

        In case you run anything older than this please upgrade: http://pfsense.com/~sullrich/1.0-SNAPSHOT-09-12-06/

        I was using the 9-3-2006 snapshot, but just upgraded to the 9-12-2006 snapshot and am having the same issue still. Feel free to try and ftp to the server "wgnrs.dynalias.com". It accepts anonymous connections and is just a blank install of vsFTPd on Fedora Core 4.

        passive mode communication
        --------------------------------------
        mason> ftp     
        ftp> passive
        Passive mode on.
        ftp> open wgnrs.dynalias.com
        Connected to wgnrs.dynalias.com.
        220 (vsFTPd 2.0.3)
        Name (wgnrs.dynalias.com): anonymous
        331 Please specify the password.
        Password:
        230 Login successful.
        Remote system type is UNIX.
        Using binary mode to transfer files.
        ftp> cd pub
        250 Directory successfully changed.
        ftp> ls
        421 Service not available, remote server has closed connection
        Passive mode refused. Try PORT
        No control connection for command: Transport endpoint is not connected

        port mode communication

        mason> ftp           
        ftp> open wgnrs.dynalias.com
        Connected to wgnrs.dynalias.com.
        220 (vsFTPd 2.0.3)
        Name (wgnrs.dynalias.com): anonymous
        331 Please specify the password.
        Password:
        230 Login successful.
        Remote system type is UNIX.
        Using binary mode to transfer files.
        ftp> cd pub
        250 Directory successfully changed.
        ftp> ls
        200 PORT command successful. Consider using PASV.
        150 Here comes the directory listing.
        226 Directory send OK.
        ftp> cd ..
        250 Directory successfully changed.
        ftp> ls
        200 PORT command successful. Consider using PASV.
        150 Here comes the directory listing.
        pub
        226 Directory send OK.
        5 bytes received in 0.0036 seconds (1.36 Kbytes/s)

          rsw686
          last edited by Sep 14, 2006, 5:11 AM

          After the upgrade I'm now getting a ton of msntp errors so I am clean installing the snapshot. We'll see how it goes.

          Sep 14 01:21:33 msntp[3201]: msntp: Unknown error: 0
          Sep 14 01:21:33 msntp[3201]: msntp: unable to locate IP address/number
          Sep 14 01:21:33 msntp[3201]: msntp: bad daemon restart information
          Sep 14 01:21:33 msntp[3201]: d=18000 c=5 x=18000 op=1 l=/var/run/msntp.pid f=/var/db/msntp.state 61.129.66.79
          Sep 14 01:21:33 msntp[3201]: msntp options: a=2 p=0 v=1 e=0.100 E=5.000 P=2147483647.000

            rsw686
            last edited by Sep 14, 2006, 5:44 AM

            Got it clean installed to snapshot 09-12-06 and the msntp error looks like it cleared up; see output below. I can't remember if the bad daemon restart information was always there or not. Anyways, ftp still has the same issue where passive transfers don't work.

            Sep 14 01:52:45 msntp[636]: msntp: 2006 Sep 14 01:52:45.132 + -0.000 +/- 0.206 secs
            Sep 14 01:52:45 msntp[636]: msntp: after 0.6 secs acc. 1 rej. 0 flush 0 max.off. 0.369 corr. 0.369
            Sep 14 01:52:44 msntp[636]: msntp: using NTP server 20six.fr (84.16.227.161)
            Sep 14 01:52:44 msntp[636]: msntp: bad daemon restart information
            Sep 14 01:52:44 msntp[636]: d=18000 c=5 x=18000 op=1 l=/var/run/msntp.pid f=/var/db/msntp.state 84.16.227.161
            Sep 14 01:52:44 msntp[636]: msntp options: a=2 p=0 v=1 e=0.100 E=5.000 P=2147483647.000

              Gertjan
              last edited by Sep 14, 2006, 8:28 AM Sep 14, 2006, 6:21 AM

              If you're talking 'incoming ftp connection' to an internal FTP server on your LAN, then drop by over here: http://forum.pfsense.org/index.php?topic=2071.msg11954#msg11954

              If all these posts describe your problem, then you will find a temp. solution over there.

              It's (re) boot persistent.

              And, just tested, Active and Passive FTP transfer works. (FTP Server = Serv-U (demo-latest) on LAN, FTP Client accessing from the Internet, using SmartFtp (demo-latest)).

              PS: I don't think msntp is FTP related. I also upgraded to 1.0-SNAPSHOT-09-12-06 - built on Tue Sep 12 21:37:35 UTC 2006 - but didn't see any issues. msntp just grabs the time from the net.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

                rsw686
                last edited by Sep 14, 2006, 12:50 PM

                @Gertjan:

                If you're talking 'incoming ftp connection' to an internal FTP server on your LAN, then drop by over here: http://forum.pfsense.org/index.php?topic=2071.msg11954#msg11954

                If all these posts describe your problem, then you will find a temp. solution over there.

                It's (re) boot persistent.

                And, just tested, Active and Passive FTP transfer works. (FTP Server = Serv-U (demo-latest) on LAN, FTP Client accessing from the Internet, using SmartFtp (demo-latest)).

                PS: I don't think msntp is FTP related. I also upgraded to 1.0-SNAPSHOT-09-12-06 - built on Tue Sep 12 21:37:35 UTC 2006 - but didn't see any issues. msntp just grabs the time from the net.

                No, I know the msntp issue is not related. Just that I was advised to go to the latest snapshot and when I did the upgrade msntp errors started popping up every minute. Thus I ended up doing a clean install.

                My ftp issue is not the same. My IP address hardly changes and I don't use PPPoE. Yes, this is an incoming ftp issue.

                  sullrich
                  last edited by Sep 14, 2006, 12:57 PM

                  Msntp has nothing to do with FTP.  Upgrade to the latest testing snapshot.

                    Tomba
                    last edited by Sep 14, 2006, 3:28 PM

                    @rsw686:

                    Is there something I am missing? FTP works only with the port connection type. Thus if I try and pull it up in Firefox, etc., which use passive connections, it will not connect.

                    Here's the error using passive mode. Seems that pftpx is not giving out the LAN IP address for the client to connect to.

                    COMMAND:> PASV
                    227 Entering Passive Mode (10,10,1,15,149,86)
                    COMMAND:> LIST
                    STATUS:>  Connecting ftp data socket 10.10.1.15:38230…

                    Did you make sure to define which ports the FTP server uses as PASV ports? If you don't, the FTP server will pick a free port number at random, which I'm sure your firewall will block.
                    If the answer is yes: do you also allow traffic to pass? (Firewall -> Rules should have an entry for your PASV port range)
                    If the answer is no: define which ports the PASV data transport should use and add a rule to allow traffic to pass in pfSense.

                    BTW maybe you should consider using webdav; a client is default in almost any OS (including Windows) and when used with SSL it's safer than FTP as well (e.g. passwords don't get sent over the internet in clear text)

                      sullrich
                      last edited by Sep 14, 2006, 3:32 PM

                      There is no reason to forward anything but port 21.

                      The entire reason of the FTP helper is to prevent the user from needing to tear open the firewall.

                      The FTP Helper dynamically opens ports as they are needed.

                        Tomba
                        last edited by Sep 14, 2006, 5:01 PM

                        @sullrich:

                        There is no reason to forward anything but port 21.

                        The entire reason of the FTP helper is to prevent the user from needing to tear open the firewall.

                        The FTP Helper dynamically opens ports as they are needed.

                        I didn't know this was what the FTP helper was for :)

                        In that case I have the exact same problem because without the PASV port forwards enabled on my pfSense box (RC2) I get the exact same problem…. (with Serv-U FTP)

                          sullrich
                          last edited by Sep 14, 2006, 5:03 PM

                          Upgrade to http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-12-06/

                            rsw686
                            last edited by Sep 14, 2006, 5:30 PM

                            @sullrich:

                            Upgrade to http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-12-06/

                            I already updated to the latest version SNAPSHOT-09-12-06 and am still having the problem. The ftp helper will not open the ports for passive mode. Only works for port mode. I even tried defining my ip address in vsftp for passive mode and it still does not work.

                            To the guy who recommended I use something else: that's not the point. I would like to get FTP working. I normally use SSH anyways.

                              sullrich
                              last edited by Sep 14, 2006, 5:40 PM

                              #1 Make sure you are using CARP type ips for virtual ips
                              #2 Make sure the port forward is for port "21" ONLY

                              If you are on the latest version and follow the above it really should work.

                                Gertjan
                                last edited by Sep 14, 2006, 7:15 PM

                                @sullrich:

                                #1 Make sure you are using CARP type ips for virtual ips
                                #2 Make sure the port forward is for port "21" ONLY

                                If you are on the latest version and follow the above it really should work.

                                Sure ?

                                I'm using a PPPoE connection on the WAN interface, and I can assure you that

                                1. These two ones are running after reboot (and IP 24H 'hup'):
                                  /usr/local/sbin/pftpx -c 8021 -g 8021 192.168.1.1
                                  /usr/local/sbin/pftpx -c 8022 -g 8021 192.168.2.1
                                2. This one won't be there (except when making an initial FTP port 21 rule in the NAT table - Apply)
                                  /usr/local/sbin/pftpx -f 192.168.1.2 -b 82.125.93.41 -c 21 -g 21
                                  If an FTP port 21 rule was already present, I have to remove it before (as well as the 2 auto created firewall WAN rules).

                                Am I saying wrong, or do I miss something?
                                When filter.inc installs pftpx [wanIP] [lanIP]…, pftpx will bail out (visible in the system log).

                                Anyway, checking check_reload_status.c right now to see who is running what and when.... (rather simple piece of code at first - but your baby IS complicated when you dig into it...)

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??
