4. Active ftp does not work - Release 1.2.3

Active ftp does not work - Release 1.2.3

  • A

    Hi,

    i have some trouble in my Network.

    Passive FTP is working fine, but active FTP (to a remote Server) makes Problems.

    Example:

    
[root@www30 ~]# ftp ftp.t-online.de
Trying 62.153.159.136...
Connected to ftp.t-online.de (62.153.159.136).
220 T-Online ProFTPD Server
Name (ftp.t-online.de:user): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (62,153,159,136,132,186)
150 Opening ASCII mode data connection for file list
-r--r-----   1 root     ftp            12 May 13  2005 keepalive.ftp
dr-xr-x---   3 root     ftp           104 Mar  9 11:51 pub
226 Transfer complete.
ftp> pass
Passive mode off.
ftp> ls
500 Illegal PORT command
ftp: bind: Address already in use
ftp> 221 Goodbye.

    our pfsense only filters incoming traffic. For testing i disabled / enabled the "userland FTP-Proxy application" on all Interfaces in several Interface combinatios but nothing worked.

    The setup is like this:

    www30 (192.168.2.16) -> pfsense (192.168.2.1) -> Internet

    Hope one of you has some hint for me.

    best regards and thanks in advanced

    If you need mor Information - let me know.
    Sebastian

    EDIT:

    woukd like to add a tcpdump, but dont get it run?!

    tcpdump -vv -i em1 for example show nothing, but there is traffic. Am i doing something wrong?

    0
  • E

    Can you do```
    netstat -an

    0
  • E

    @avalox:

    our pfsense only filters incoming traffic. For testing i disabled / enabled the "userland FTP-Proxy application" on all Interfaces in several Interface combinatios but nothing worked.

    For active FTP, the server make a return connection, back to the client.  pfSense is possibly blocking that reply, which will be coming in on a port higher than 1024.  Although that doesn't seem to happen on my system, and I will say, I'm not at all sure why.  Do the firewall logs show anything being blocked.

    My setup has the WAN Proxy enabled, and the LAN disabled.  This sticky does mention about problems with changing the rules a lot of times.  Maybe try a "clean start".

    @avalox:

    woukd like to add a tcpdump, but dont get it run?!

    tcpdump -vv -i em1 for example show nothing, but there is traffic. Am i doing something wrong?

    Is this a nano setup.  If so, then look here.

    Cheers.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy