Ftp problem?
-
i'm using 1.0-RC3 built on Mon Oct 2 01:06:05 UTC 2006
(and firmware upgrade 1.0rc3a,b,d,f applied)port forward :
212.xxx.xxx.xxx port 21 to 10.6.1.21 port 21
this ip type carp/24wan rules:
proto: tcp src:* port:* dest: 10.6.1.21 port: ftpinterface lan ftp helper unchecked
interface opt1 ftp helper checkederror:
02:54:12] [R] Connecting to 212.xxx.xxx.xxx -> IP=213.xxx.xxx.xxx PORT=21
[02:54:12] [R] Connected to 212.xxx.xxx.xxx
[02:54:12] [R] 220 ftp_srv_1 Microsoft FTP Service (Version 5.0).
[02:54:12] [R] USER anonymous
[02:54:12] [R] 331 Anonymous access allowed, send identity (e-mail name) as password.
[02:54:12] [R] PASS (hidden)
[02:54:12] [R] 230 Anonymous user logged in.
[02:54:12] [R] SYST
[02:54:12] [R] 215 Windows_NT version 5.0
[02:54:12] [R] FEAT
[02:54:12] [R] 500 'FEAT': command not understood
[02:54:12] [R] CWD /
[02:54:13] [R] 250 CWD command successful.
[02:54:13] [R] PWD
[02:54:13] [R] 257 "/" is current directory.
[02:54:13] [R] TYPE A
[02:54:13] [R] 200 Type set to A.
[02:54:13] [R] PASV
[02:54:13] [R] 227 Entering Passive Mode (212,xxx,xxx,xxx,252,177)
[02:54:13] [R] Opening data connection IP: 212.xxx.xxx.xxx PORT: 64689
[02:54:34] [R] Data Socket Error: Connection timed out
[02:54:34] [R] List Error
[02:54:34] [R] PASV
[02:54:34] [R] 227 Entering Passive Mode (212,xxx,xxx,xxx,252,105)
[02:54:34] [R] Opening data connection IP: 212.xxx.xxx.xxx PORT: 64617
[02:54:55] [R] Data Socket Error: Connection timed out
[02:54:55] [R] List Errorpls help me?
-
This is covered many times at the forum. First delete all nats and forwards that you created for the ftp so you can start over.
After the cleanup do:
- enable ftp helper at WAN
- add portforward for port 21 to the internal ftpserver, keep autocreate firewallrule checked
- save and apply
-
This is covered many times at the forum. First delete all nats and forwards that you created for the ftp so you can start over.
After the cleanup do:
- enable ftp helper at WAN
- add portforward for port 21 to the internal ftpserver, keep autocreate firewallrule checked
- save and apply
I do this and it works successfull. But two rules for FTP appears, I thinks it is strange or it is OK ?
-
It's ok, one is for the ftphelper to handle the traffic and is needed. It also notes this when you create the portforward in the red infobox with the apply button.
-
my system log have:
php: : No source NAT rule found for interface LAN - not using the FTP proxy
no nat need for my lan side (only need dmz/opt1 side)
my lan clients not connect any ftp server (active or passive)
but my lan side have rule ftp to any.. and lan interface ftp helper enabled (unchecked) -
My bad, i'll see to it that it gets fixed.
So we need to skip that logic for interfaces with a gateway.
Very well. I can do that.
-
It's fixed for a while now. Does it work for you now?
-
latest snahpshoot "pfSense-Full-Update-1.0.1-SNAPSHOT-02-27-2007.tgz"?
-
-
There are some special edgecases where the ftphelper doesn't work correct in the latest snaps. We just found something and are working on the fix. Follow the cvstrac timeline to see what's going on.
-
thanks. congrats!
after 1.0.1-SNAPSHOT-03-08-2007 snapshot update problem resolved.
(but, i think nat reflection problem exist, may be)previous connection setup:
lan to dmz connections used nat real ip (real wan ip)
currently internal ip (opt ip)example:
previous setup: (my ordinary setup)
nat reflection enabled
nat: 212.x.y.93 -> 10.6.1.93 = port: 21 (used auto created rules)
lan clients connection 212.x.y.93 success, but 10.6.1.93 not succes
(wan to ftp server connection success)current setup:
nat reflection enabled
nat: exactly
lan clients connection 10.6.1.93 success, but 212.x.y.93 not success
(wan to ftp server connection success)if true, this is my new ordinary setup..