    FTP problem since RC3 –> RC3e and now also 1.0 RELEASE

      sh_man

      The symptoms you are describing are VERY similar to the ones I had.

      If you have the "Disable the userland FTP-Proxy application" unchecked on your LAN interface it will be expecting FTP traffic to be going through WAN interface.

      I had all my routes going through OPT1 so it logged on to the FTP server OK but then no list. Change my default route to WAN and it works OK.

      The comment was given that the FTP helper had been moved from before the user rules to after the user rules in RC3.

      FTP uses different ports to set up the connection and actually transfer data, so the initial bit works fine but the second set of ports never connect because the routing is incorrect.

        hoba

        Please see http://cvstrac.pfsense.com/tktview?tn=1138,6 for a known issue and a workaround when using multiwan with ftphelper and natreflection.

          msatter

          The mentioned workaround worked one time and then it stopped working

          I am going back to RC2 again for the second time till this problem is resolved.

          Greetings, Marcel

            hoba

            The workaround works fine, even after more than 1 day now at my office setup (dual wan setup utilizing policybasedrouting and a loadbalance anything rule at the bottom with 2 internal subnets, LAN and DMZ). I can use ftp in active and passive mode to different servers. I just checked and verified this once again. After applying the workaround reset states just to make sure. Also move the rule to the very top of your rules on each interface where you need it (usually internal interfaces).

              sullrich

              @msatter:

              The mentioned workaround worked one time and then it stopped working

              I am going back to RC2 again for the second time till this problem is resolved.

              Greetings, Marcel

              The problem IS solved, you really need to listen to hoba!

                msatter

                Course I am listening to Hoba and I tried it two times and it just won't "budge". When I am looking at the status no UDP is showing up internal and external there is UDP connection on FTP when I connect to an external FTP.

                I am using aliases for the source and the ports in the rules (ports 20 and 21) to reach my internal FTP server. I even removed all my loadbalancing and also in the rules.

                I don't have a loadbalance anything rule, only the built-in block anything rule at the end, which you don't see in the list, only in the comment underneath.

                I am now on RC2 on a USB stick and my HDD contains 1.0 release so I can experiment with different settings after boot-up from stick or HDD.

                I don't know what is going wrong and I put all the lines in place as suggested however no result after it worked for one time.

                Greetings, Marcel

                edit: I can HTTP the server, I can SSH the server, I have a connect FTP to the server however no LIST-ing of the files

                  rsw686

                  I had problems with FTP before RC3, however with the 1.0-RELEASE it works great. Start over from scratch. Add the FTP rule and make sure you uncheck disable FTP helper on the WAN interface. It will just work.

                    hoba

                    @msatter:

                    I am using aliases for the source and the ports in the rules (ports 20 and 21) to reach my internal FTP server. I even removed all my loadbalancing and also in the rules.

                    ftp happens on more than these 2 ports. In case you have a restrictive ruleset you need to allow connections to the ftphelper to open additionally needed ports.

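An added example, not part of any post in this thread: it parses the FTP control-channel lines that negotiate the data connection (`PORT`, the `227` reply to `PASV`, the `229` reply to `EPSV`) and reports which data ports fall outside a rule that only allows ports 20 and 21, which is why login succeeds but `LIST` hangs. The function names and the sample transcript are constructed for illustration.

```python
import re

# Destination ports a restrictive rule allows (the thread's alias: 20 and 21).
ALLOWED_PORTS = {20, 21}
# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply to PASV (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3})" + r",(\d{1,3})" * 5)
# (|||port|) as used by the 229 reply to EPSV (RFC 2428).
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(line):
    """Return (mode, ip, port) for a line that announces a data endpoint.

    ip is None for EPSV, which reuses the control connection's address.
    Lines that announce nothing, or carry out-of-range values, return None.
    """
    line = line.strip()
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        ip = ".".join(str(n) for n in nums[:4])
        # The data port is sent as two bytes: high * 256 + low.
        port = nums[4] * 256 + nums[5]
        return ("active" if verb == "PORT" else "passive", ip, port)
    if verb == "229":
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) < 65536:
            return ("passive", None, int(m.group(1)))
    return None


def blocked_data_ports(control_lines, allowed=ALLOWED_PORTS):
    """List (mode, port) for data connections whose destination port is not allowed."""
    found = (data_endpoint(line) for line in control_lines)
    return [(ep[0], ep[2]) for ep in found if ep and ep[2] not in allowed]


# Constructed transcript; addresses come from the documentation ranges.
SAMPLE = ["220 FTP server ready", "USER demo", "230 Login successful", "PASV",
          "227 Entering Passive Mode (192,0,2,10,195,80)", "LIST",
          "PORT 198,51,100,7,4,1", "229 Entering Extended Passive Mode (|||50210|)"]

if __name__ == "__main__":
    for mode, port in blocked_data_ports(SAMPLE):
        print(f"{mode} data connection to port {port} is not covered by ports 20/21")
```
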
                      msatter

                      !!!!!!!!WORKAROUND!!!!!!!!!!!

                      Finally solved after skipping RC3 and almost REL 1.0 I found the trouble maker and now I can connect!!!!!!

                      It was in Ticket 15066 / 15067 I now deactivated the block all to DMZ (the other subnet) rule on the LAN (sorry, I am really restrictive in my rules).

                      I can now proceed with implementing the firewall because this "not working as expected" part of the pfSense firewall drove me almost nuts because Hoba and Sullrich kept telling me that it should work as expected.

                      One happy pfSense user, Marcel

                      Check-in Number:  15067
                      Date: 2006-Oct-17 17:28:17 (local)
                      2006-Oct-17 21:28:17 (UTC)
                      User: sullrich
                      Branch:
                      Comment: Woops, we need the ftp anchor BEFORE the user rules, and the initial PASS rules AFTER.

                      This controls the initial port 21 connection and once that is allowed through the ftp rules installed by pftpx should bypass USER_RULES.
                      Tickets:
                      Inspections:
                      Files:
                      pfSense/etc/inc/filter.inc      1.922 -> 1.923     4 inserted, 3 deleted

                        sullrich

                        This bug has been fixed.  A new release will be forthcoming in the next couple weeks.

                          techatdd

                          @hoba:

                          The workaround works fine, even after more than 1 day now at my office setup (dual wan setup utilizing policybasedrouting and a loadbalance anything rule at the bottom with 2 internal subnets, LAN and DMZ). I can use ftp in active and passive mode to different servers. I just checked and verified this once again. After applying the workaround reset states just to make sure. Also move the rule to the very top of your rules on each interface where you need it (usually internal interfaces).

                          Really strange,
                          I also have a dual WAN config with standard gateway for most things (except port 80) on opt1 and problems with external ftp servers.
                          I applied the workaround on http://cvstrac.pfsense.com/tktview?tn=1138,6 and now active ftp works as it should but with passive ftp I get no directory listing from external ftp server.
                          Is there another workaround for this ;)
                          Greetings,
                          techatdd

                            Tomba

                            Hoba tx a lot. You made my day :D Couldn't understand why it wouldn't work after RC3…
