Active ftp does not work - Release 1.2.3
-
Hi,
I have some trouble in my network.
Passive FTP is working fine, but active FTP (to a remote server) causes problems.
Example:
```
[root@www30 ~]# ftp ftp.t-online.de
Trying 62.153.159.136...
Connected to ftp.t-online.de (62.153.159.136).
220 T-Online ProFTPD Server
Name (ftp.t-online.de:user): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (62,153,159,136,132,186)
150 Opening ASCII mode data connection for file list
-r--r----- 1 root ftp 12 May 13 2005 keepalive.ftp
dr-xr-x--- 3 root ftp 104 Mar 9 11:51 pub
226 Transfer complete.
ftp> pass
Passive mode off.
ftp> ls
500 Illegal PORT command
ftp: bind: Address already in use
ftp> 221 Goodbye.
```
Our pfSense only filters incoming traffic. For testing I disabled / enabled the "userland FTP-Proxy application" on all interfaces in several interface combinations, but nothing worked.
The setup is like this:
www30 (192.168.2.16) -> pfsense (192.168.2.1) -> Internet
Hope one of you has some hint for me.
Best regards and thanks in advance.
If you need more information, let me know.
Sebastian

EDIT:
Would like to add a tcpdump, but don't get it to run?!
`tcpdump -vv -i em1`, for example, shows nothing, but there is traffic. Am I doing something wrong?
-
Can you do
```
netstat -an
```
-
> Our pfSense only filters incoming traffic. For testing I disabled / enabled the "userland FTP-Proxy application" on all interfaces in several interface combinations, but nothing worked.

For active FTP, the server makes a return connection, back to the client. pfSense is possibly blocking that reply, which will be coming in on a port higher than 1024. Although that doesn't seem to happen on my system, and I will say, I'm not at all sure why. Do the firewall logs show anything being blocked?
My setup has the WAN Proxy enabled, and the LAN disabled. This sticky does mention problems with changing the rules a lot of times. Maybe try a "clean start".

> Would like to add a tcpdump, but don't get it to run?!
> `tcpdump -vv -i em1`, for example, shows nothing, but there is traffic. Am I doing something wrong?

Is this a nano setup? If so, then look here.
Cheers.
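
An added illustration, not part of the thread: a Python sketch that decodes the `h1,h2,h3,h4,p1,p2` tuple from the 227 reply in the session above and applies checks FTP servers commonly run on a PORT argument, which is one common reason for a refusal when the client sits behind NAT. The PORT lines and the WAN address 203.0.113.10 are constructed; the session does not show what the client actually sent.

```python
import ipaddress
import re

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by 227 replies."""
    m = _TUPLE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_port_command(port_line, source_seen_by_server):
    """List reasons a server may refuse this PORT argument (empty = looks fine)."""
    host, port = decode_hostport(port_line)
    seen = ipaddress.IPv4Address(source_seen_by_server)
    problems = []
    if any(host in net for net in _RFC1918):
        problems.append(f"{host} is RFC 1918 space, not reachable from the Internet")
    if host != seen:
        problems.append(f"{host} differs from control-connection source {seen}")
    if port < 1024:
        problems.append(f"data port {port} is privileged")
    return problems


if __name__ == "__main__":
    # Taken from the session in the first post.
    print(decode_hostport("227 Entering Passive Mode (62,153,159,136,132,186)"))
    # Constructed: what a client at 192.168.2.16 would send if nothing rewrites it,
    # and the same command after a NAT-aware FTP proxy rewrote the address.
    wan = "203.0.113.10"  # constructed WAN address (documentation range)
    for line in ("PORT 192,168,2,16,195,80", "PORT 203,0,113,10,195,80"):
        print(line, "->", check_port_command(line, wan) or "ok")
```
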