    FTP + SSL connection problem

    Routing and Multi WAN
    • P
      peterclo last edited by

      Hey there,

      I can successfully connect to FTP servers thanks to the FTP workaround rule, but since switching to my shiny pfsense router I can't complete the connection to an FTP/SSL server. I get the following error message:

      [11:33:10] 220
      [11:33:10] AUTH TLS
      [11:33:10] 234 AUTH command ok; starting SSL connection.
      [11:33:10] Connected. Exchanging encryption keys…
      [11:33:50] Timeout (40s).
      [11:33:50] Client closed the connection.

      Connecting to that server was working on our old router, it stopped working right when we switched to pfsense.

      Is this a known problem and is there a solution?

      • S
        sai last edited by

        Do the logs show anything being blocked at that time?

        • P
          peterclo last edited by

          Nope, nothing :(

          There are no special rules on the firewall, except the FTP workaround and emule/Kademlia blocks on LAN and open ports for VPN and WebGUI on WAN.

          • H
            hoba last edited by

            You could disable the ftp-helper but then you'll only be able to use passive ftp to remote servers.

            • P
              peterclo last edited by

              Argh, that's too bad :(

              I'm not sure if I have to disable the FTP helper on LAN or WAN, so I tried both. Disabling it on LAN prevents me from connecting to the FTPS server; it says I'm not recognized. Disabling it on WAN gives me the same results as before :(

              • H
                hoba last edited by

                You have to use passive mode with the ftp-helper disabled. Btw, you only need the ftp-helper at WAN if you host an FTP server that has to be available from WAN.

                • P
                  peterclo last edited by

                  I tried disabling the FTP helper on WAN (checkbox checked), but while I can still connect to other FTP servers, I still get a timeout on that FTPS server while exchanging keys :( Our client told us they can't change the process we get files from them, so I'm stuck here :(

                  • P
                    peterclo last edited by

                    Would it work if I set up an SFTP server inside my LAN? Would my client be able to connect to it and upload his files without trouble?

                    • H
                      hoba last edited by

                      If not using the ftp-helper you need to forward all ports (control port, usually 21, and the passive port range) and you should try to make the server aware of the public IP the clients see it coming from.

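A way to check the two conditions from the last reply (passive port range forwarded, server announcing its public IP), added here as an example and not part of the original thread: it parses the server's `227` passive-mode reply and compares it with what the firewall forwards. The public address, the port range and the sample replies are constructed, hypothetical values.

```python
import ipaddress
import re

# Hypothetical values: the WAN address clients connect to and the passive
# port range that is forwarded to the FTP server on the firewall.
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")
FORWARDED_PASSIVE_PORTS = range(50000, 50101)  # 50000-50100 inclusive

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" as defined in RFC 959.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply; port = p1 * 256 + p2."""
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in reply: %r" % reply)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, public_ip=PUBLIC_IP, ports=FORWARDED_PASSIVE_PORTS):
    """List the reasons a client behind NAT could not open the data channel."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip != public_ip:
        problems.append("server announces %s, clients reach it at %s" % (ip, public_ip))
    if port not in ports:
        problems.append("data port %d is outside forwarded range %d-%d"
                        % (port, ports[0], ports[-1]))
    return problems


if __name__ == "__main__":
    # Constructed sample replies, not taken from the thread.
    samples = [
        "227 Entering Passive Mode (192,168,1,20,195,80)",   # internal address
        "227 Entering Passive Mode (203,0,113,10,195,100)",  # consistent
        "227 Entering Passive Mode (203,0,113,10,234,96)",   # port not forwarded
    ]
    for line in samples:
        print(line, "->", check_pasv(line) or "OK")
```
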