Netgate Discussion Forum

    FTP problem

      hurtlinb

      Hi all,

      I'm using 2.0-BETA5 (amd64) built on Sun Jan 16 17:14:50 EST 2011.
      I have an FTP server (vsftpd) running behind pfSense, but I really can't connect to the FTP; it times out after LIST.
      The PASV command does not succeed.

      After some searching, I have found that an FTP helper is running, but not correctly. Is there a way to disable it in pfSense 2?

      Thanks,

      BLaise

        jlepthien

        Use the search before posting! Even on the first page of this forum there is a topic related to your problem…

        ...ah. And welcome to the forum ;)

        | apple fanboy | music lover | network and security specialist | in love with cisco systems |

          hurtlinb

          @jlepthien:

          Use the search before posting! Even on the first page of this forum there is a topic related to your problem…

          ...ah. And welcome to the forum ;)

          I've read this topic (and some others) but I can't see any solution. There is no way to unload the helper from the kernel?

            jlepthien

            There is no solution as you can see in that thread. Just use a better method like FTPS or SFTP. Better and more secure…

            | apple fanboy | music lover | network and security specialist | in love with cisco systems |

              eri--

              Try latest snapshot.
              It should work correctly now and there is a knob for disabling it if you want.

                soconfused

                Question from a complete noob: With only FTPS, what do I do when I need to get a port from ftp://ftp.freebsd.org?

                  rpsmith

                  If I understand your question correctly, you need to use a client that supports FTPS, like FileZilla.

                  Roy…

                    rpsmith

                    @ermal:

                    Try latest snapshot.
                    It should work correctly now and there is a knob for disabling it if you want.

                    ermal, I have not been able to locate the "knob". Can you please explain?

                    Roy…

                      eri--

                      debug.pfftpproxy: just set it to 1 and it will disable it.

                      You might need to enter it under system->tunables if you do not have it in there.

                        rpsmith

                        Thanks ermal! I'll give it a try.

                        Roy…

                          rpsmith

                          nanobsd - Wed Jan 19 12:45:14 - net5501:

                          passive FTP client --- {NAT - m0n0wall} --- (internet) --- {pfSense - 1:1 NAT} --- {FTP Server} => Works!
                          passive FTPS client --- {NAT - m0n0wall} --- (internet) --- {pfSense - 1:1 NAT} --- {FTP Server} => Works!  (only tested implicit mode)

                          pfSense side Notes:

                          1.  1:1 NAT, port 21 pass rule to FTP Server
                          2.  1:1 NAT, passive port range pass rule to FTP Server
                          3.  1:1 NAT, port 990 pass rule to FTP Server
                          4.  debug.pfftpproxy set to 1
                          5.  FTP Server configured to use its public IP for passive connections
                          6.  FileZilla FTP Client.

                          Only did limited testing but with the above configuration I had zero problems!

                          Thanks ermal!

                          Roy...

                            eri--

                            Normally you should not have problems even without disabling the ftpproxy.
                            Did you try with the proxy active?

                              rpsmith

                              ermal,

                              I still had FTP problems with "Tue Jan 18 04:33:29", but as I did not see any mention of any new proxy fixes for "Wed Jan 19 12:45:14", I did not test that build before turning off the service. After the next build, I will re-enable it and re-test.

                              BTW, since it works fine with it off, what advantage is there to running the FTP proxy?

                              Roy…

                                jlepthien

                                @rpsmith:

                                ermal,

                                I still had FTP problems with "Tue Jan 18 04:33:29", but as I did not see any mention of any new proxy fixes for "Wed Jan 19 12:45:14", I did not test that build before turning off the service. After the next build, I will re-enable it and re-test.

                                BTW, since it works fine with it off, what advantage is there to running the FTP proxy?

                                Roy…

                                The point of the proxy is that you do not open up a hole in your firewall with all these high ports… If you can talk about security with FTP, you should at least use that proxy...

                                | apple fanboy | music lover | network and security specialist | in love with cisco systems |

                                  rpsmith

                                  Well, that makes sense. So with the proxy I don't need any port open to the FTP server, or just port 21? Also, do I use my FTP server's private or public IP when configuring its passive IP?

                                  Thanks,

                                  Roy…

                                    jlepthien

                                    The only thing that should be done is to NAT port 21/tcp to your server's private IP address. The proxy should handle everything else (also active or passive).
                                    At least I know this function from other firewall products; I never used incoming FTP with pfSense. Well, as I've stated before, FTP should be exchanged with a more secure protocol like SSH…

                                    | apple fanboy | music lover | network and security specialist | in love with cisco systems |

                                      rpsmith

                                      Well, I normally only run my FTP server with my passive ports and port 990 open and use implicit FTPS exclusively. So will the ftp-proxy work with FTPS or will I still need to open my passive ports?

                                      Roy…

                                        eri--

                                        It would not touch FTPS at all.

                                          rpsmith

                                          With only port 21 open and today's build - Jan 20 06:00:12 - and "debug.pfftpproxy" set to 0 (I assume that re-enables it), the FileZilla client returns:

                                          Error: Connection timed out
                                          Error: Failed to retrieve directory listing

                                          Roy…
