Problem with FTP.



  • I have a server on my lan that want access to an ftp internet server.

    I have allowed on my lan interface tcp/udp port ftp to everybody on internet from all my lan.

    When i do en ftp ftpperso.free.fr (really known ftp server) (i have done the same test with many others providers) it goes out in time out.
    I have a look on the shell console (in the "Filter Logs" section) i have this :

    000000 rule 156/0(match): pass in on sis0: 10.0.10.252.34230 > 127.0.0.1.8021: S 1702847089:1702847089(0) win 5840 <mss 1460,sackok,timestamp[|tcp]="">It is strange that my log show that i want to connect to 127.0.0.1 (the firewall itself ??!!)
    I'm in 1.0.1 release….

    i can add any logs wanted for debugging.

    Best regards
    Guillaume</mss>



  • Not strange at all. 127.0.0.1 is the ftphelper that dynamically allows traffic at additionally needed ports. Do you have a multiwan setup? Did you try passive or active mode?

    Btw, there is really A LOT of discussion going on about FTP at the forum. I hope you have already searched.



  • oups i had a look but you'r post show me that i didn't had a good look, so i searched again.
    I foud this topic that explained me how to disable the pftpx

    http://forum.pfsense.org/index.php/topic,2196.0.html

    Best regards
    Thank you



  • How can i enable PASV MODE in pfsense ? …

    Thanks,



  • The ftp proxy usually does take care of this.



  • but if i enable the ftp proxy, nobody can access my ftp.



  • Which is in stark contrast of everyone else that uses it.  It works out of the box with it enabled.  Check your FTP client settings, etc.



  • @sullrich:

    Which is in stark contrast of everyone else that uses it.  It works out of the box with it enabled.  Check your FTP client settings, etc.

    I am actually have a similar issue with the FTP Helper not working. But I need help with this issue. When an coming connection comes in, the client sets everything up but according to the log files the control channel (tcp/20) is blocked. I have WAN, OPT1, OPT2, and LAN setup where everything but LAN is public IPs. Is the issue that I'm not natting the connection and therefore the FTP proxy is not working? Any help would be greatly appreciated.

    Thanks,

    Jeremy



  • the ftp proxy is to help with nat
    don't think it will do somthing if there is no nat



  • It's dynamically opening additional ports for the ftp traffic. It's not only helping with NAT.



  • @hoba:

    It's dynamically opening additional ports for the ftp traffic. It's not only helping with NAT.

    So does that mean that NAT is needed or not needed for the FTP proxy to work?

    Thanks

    Jeremy



  • Don't want to sound rude but please search the forum. The ftp proxy and how to set it up is REALLY described every few lines throughout the forum.


Locked