Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Active ftp does not work - Release 1.2.3

    Scheduled Pinned Locked Moved NAT
    3 Posts 3 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      avalox
      last edited by

      Hi,

      i have some trouble in my Network.

      Passive FTP is working fine, but active FTP (to a remote Server) makes Problems.

      Example:

      
      [root@www30 ~]# ftp ftp.t-online.de
      Trying 62.153.159.136...
      Connected to ftp.t-online.de (62.153.159.136).
      220 T-Online ProFTPD Server
      Name (ftp.t-online.de:user): anonymous
      331 Anonymous login ok, send your complete email address as your password.
      Password:
      230 Anonymous access granted, restrictions apply.
      Remote system type is UNIX.
      Using binary mode to transfer files.
      ftp> ls
      227 Entering Passive Mode (62,153,159,136,132,186)
      150 Opening ASCII mode data connection for file list
      -r--r-----   1 root     ftp            12 May 13  2005 keepalive.ftp
      dr-xr-x---   3 root     ftp           104 Mar  9 11:51 pub
      226 Transfer complete.
      ftp> pass
      Passive mode off.
      ftp> ls
      500 Illegal PORT command
      ftp: bind: Address already in use
      ftp> 221 Goodbye.
      
      

      our pfsense only filters incoming traffic. For testing i disabled / enabled the "userland FTP-Proxy application" on all Interfaces in several Interface combinatios but nothing worked.

      The setup is like this:

      www30 (192.168.2.16) -> pfsense (192.168.2.1) -> Internet

      Hope one of you has some hint for me.

      best regards and thanks in advanced

      If you need mor Information - let me know.
      Sebastian

      EDIT:

      woukd like to add a tcpdump, but dont get it run?!

      tcpdump -vv -i em1 for example show nothing, but there is traffic. Am i doing something wrong?

      1 Reply Last reply Reply Quote 0
      • E
        Eugene
        last edited by

        Can you do```
        netstat -an

        http://ru.doc.pfsense.org

        1 Reply Last reply Reply Quote 0
        • E
          EddieA
          last edited by

          @avalox:

          our pfsense only filters incoming traffic. For testing i disabled / enabled the "userland FTP-Proxy application" on all Interfaces in several Interface combinatios but nothing worked.

          For active FTP, the server make a return connection, back to the client.  pfSense is possibly blocking that reply, which will be coming in on a port higher than 1024.  Although that doesn't seem to happen on my system, and I will say, I'm not at all sure why.  Do the firewall logs show anything being blocked.

          My setup has the WAN Proxy enabled, and the LAN disabled.  This sticky does mention about problems with changing the rules a lot of times.  Maybe try a "clean start".

          @avalox:

          woukd like to add a tcpdump, but dont get it run?!

          tcpdump -vv -i em1 for example show nothing, but there is traffic. Am i doing something wrong?

          Is this a nano setup.  If so, then look here.

          Cheers.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.