Problem connecting to ftp sites DUAL WAN using static routing
-
Ah, ok. I misunderstood something here. I think you are bitten by this bug: http://cvstrac.pfsense.com/tktview?tn=1138,6
The workaround is in the report. turn the ftphelper on at the internal subnets and place the loopbackrule at every internal interface that needs it. Also try with passivemode if this still doesn't work.
-
Hi,
As indicated I have enabled; removed checkbox at Interfaces-> LAN -> Disable the userland FTP-Proxy application
Added the following rule, as indicated in the work around, for LAN and DMZ:
Proto Source Port Destination Port Gateway Description
TCP/UDP * * 127.0.0.1 1 - 65535 * FTP fixPlease note that I am NOT load balancing, just static routing.
The issue remains the same, I do not know if the following info is of any use.. but just in case.. Total connander ftp client log output. Dos command line ftp message remains the same also.
331 User rtuin OK. Password required
PASS ***********
230-User rtuin has group access to: rtuin
230 OK. Current restricted directory is /
SYST
215 UNIX Type: L8
FEAT
211-Extensions supported:
EPRT
IDLE
MDTM
SIZE
REST STREAM
MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
MLSD
ESTP
PASV
EPSV
SPSV
ESTA
AUTH TLS
PBSZ
PROT
211 End.
Connect ok!
PWD
257 "/" is your current location
Get directory
TYPE A
200 TYPE is now ASCII
PORT 192,168,2,4,15,195
500 I won't open a connection to 192.168.2.4 (only to my.ext.ip.nr)regards,
rowdy
-
Try passive mode.
-
Hi,
In passive mode it simply will not LIST.. one can wait for minutes..Connect ok!
PWD
257 "/" is your current location
Get directory
TYPE A
200 TYPE is now ASCII
PASV
227 Entering Passive Mode (85,17,3,142,215,115)
LIST
Cancel pressed!In dos the following:
ftp> ls
–-> PORT 192,168,2,4,15
500 I won't open a conne
---> NLST
425 No data connectionSo any suggestiosn are still welcome.. I am just stuck at this one?
If some one is able to ftp tp websites etc from LAN to any internet hosted ftp server using staic Dual WAN please let me know what your settings are.. -
I do, even with loadbalancing in active and passive mode when using this workaround rule ;)
-
hahaha could have guessed… I hope I will too soon.. :-)
-
Oh, btw, you have to reset states after you added the loopbackrule. If you still have old states in your statetable and you try to get tot he same server again you will still see the problem. (diagnostics>states, reset states)
-
:-( did that .. even before posting .. even after the workaround..
I did a reboot and that solves it.. as it seems resetting states isn't working.. I have that with rule changes also..
Anyway the workaround has solved the main issue..
Thanks Hoba ..
-
Oh, then you see the filter_reload bug as well. This has been fixed and will be available as download soon (1.0.1 is in the pipe).
-
Oh, then you see the filter_reload bug as well. This has been fixed and will be available as download soon (1.0.1 is in the pipe).
Arg…that bug SUCKS :-/ Why oh why was this not caught in the RC's sigh. One wonders if nobody used them.
--Bill
-
I think I have the same problem and even slightly worse :-\
I couldn't connect to any FTP server on the Internet so I added the workaround rule above my Allow All on LAN and redirected it to the default gateway (WAN, I'm loadbalancing on WAN and OPT1). Now I can connect to FTP servers (including passively) but sometimes it can't LIST, and just hang there, regardless of the FTP client. I did a state reset and even a reboot, to no avail :(
-
Make sure you use "default" (should show up as an asterisk in the rules view) instead of the WAN-IP as gateway.
-
Yep, that's what I was using. I updated to 1.0.1 and after the reboot it seems to be working now :)
Anyway, if my WAN comes down I'll have to edit the workaround rule to use OPT1 as the gateway, right?
-
The ftp helper can only be used at the original WAN as it is a userland application that can't make use of the loadbalancer. This is a limitation. Btw, we fixed something behind the scenes, so you should try if you now can do without the workaround rule. Just disable it and try again.
-
No luck without the workaround :(