Active ftp does not work - Release 1.2.3



  • Hi,

    I have some trouble in my network.

    Passive FTP is working fine, but active FTP (to a remote server) makes problems.

    Example:

    ```
    [root@www30 ~]# ftp ftp.t-online.de
    Trying 62.153.159.136...
    Connected to ftp.t-online.de (62.153.159.136).
    220 T-Online ProFTPD Server
    Name (ftp.t-online.de:user): anonymous
    331 Anonymous login ok, send your complete email address as your password.
    Password:
    230 Anonymous access granted, restrictions apply.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (62,153,159,136,132,186)
    150 Opening ASCII mode data connection for file list
    -r--r-----   1 root     ftp            12 May 13  2005 keepalive.ftp
    dr-xr-x---   3 root     ftp           104 Mar  9 11:51 pub
    226 Transfer complete.
    ftp> pass
    Passive mode off.
    ftp> ls
    500 Illegal PORT command
    ftp: bind: Address already in use
    ftp> 221 Goodbye.
    ```

    Our pfSense only filters incoming traffic. For testing I disabled / enabled the "userland FTP-Proxy application" on all interfaces in several interface combinations, but nothing worked.

    The setup is like this:

    www30 (192.168.2.16) -> pfsense (192.168.2.1) -> Internet

    Hope one of you has some hint for me.

    Best regards and thanks in advance.

    If you need more information, let me know.
    Sebastian

    EDIT:

    Would like to add a tcpdump, but don't get it to run?!

    `tcpdump -vv -i em1`, for example, shows nothing, but there is traffic. Am I doing something wrong?



  • Can you do
    ```
    netstat -an
    ```



  • @avalox:

    Our pfSense only filters incoming traffic. For testing I disabled / enabled the "userland FTP-Proxy application" on all interfaces in several interface combinations, but nothing worked.

    For active FTP, the server makes a return connection back to the client. pfSense is possibly blocking that reply, which will be coming in on a port higher than 1024. Although that doesn't seem to happen on my system, and I will say, I'm not at all sure why. Do the firewall logs show anything being blocked?

    My setup has the WAN Proxy enabled, and the LAN disabled. This sticky does mention problems with changing the rules a lot of times. Maybe try a "clean start".

    @avalox:

    Would like to add a tcpdump, but don't get it to run?!

    `tcpdump -vv -i em1`, for example, shows nothing, but there is traffic. Am I doing something wrong?

    Is this a nano setup? If so, then look here.

    Cheers.
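
What the firewall's FTP proxy has to handle in active mode, as an added example that is not part of the thread: the client's PORT command carries its own address and port in the same h1,h2,h3,h4,p1,p2 form as the 227 reply in the session above, and behind NAT that is the LAN address unless something rewrites it. The public address 203.0.113.10 and the port 50321 are constructed placeholders.

```python
import ipaddress
import re

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
TUPLE_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = TUPLE_RE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def encode_port(ip, port):
    """Build the PORT command an active-mode client sends."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return "PORT " + ",".join(octets + [str(port >> 8), str(port & 0xFF)])

def check_port_command(line, control_src_ip):
    """Compare the address inside PORT with the source IP the server sees."""
    ip, port = decode_endpoint(line)
    findings = []
    if any(ip in net for net in RFC1918):
        findings.append("advertises RFC 1918 address %s" % ip)
    if ip != ipaddress.IPv4Address(control_src_ip):
        findings.append("differs from control-connection source %s" % control_src_ip)
    if port < 1024:
        findings.append("privileged data port %d" % port)
    return ip, port, findings

if __name__ == "__main__":
    # From the session above: the server's passive-mode endpoint.
    print(decode_endpoint("227 Entering Passive Mode (62,153,159,136,132,186)"))
    # Constructed: the PORT www30 would send, as the server sees it un-rewritten.
    cmd = encode_port("192.168.2.16", 50321)
    print(cmd, check_port_command(cmd, "203.0.113.10")[2])
    # Constructed: the same command after a proxy rewrote the address.
    print(check_port_command(encode_port("203.0.113.10", 50321), "203.0.113.10")[2])
```

Running `check_port_command` over the PORT lines in a capture taken on the WAN side shows whether the proxy is actually rewriting them.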

