(solved??) Filezilla FTP works but not commandline…

  • I have an issue that I find to be rather strange.

    For someone using Filezilla in either Active or Passive mode, FTP works without any issues.

    However, if we try to use the Windows Command line FTP or run FTP through some C++ code it doesn't work…

    It will open the FTP connection and login.

    However, when we run the ls command it just hangs for a very long time, then either says 226> Transfer complete or just hangs indefinitely.

    I saw some articles on fixing this on the old version of pfsense but I'm not sure how this moves over to 2.0.

    If someone could either tell me what I need to do to fix this or point me in the direction of a proper article it would be appreciated. This is causing some of the engineers where I work some issues.

    Also... I don't know if this is related or not, but some of the different antivirus programs can't update now that I've implemented pfsense.

  • I found this… but not sure where pf.conf is...

    Is this the proper avenue I need to take to fix this or no??


  • Are you on MultiWan or SingleWan?

  • Multiwan…

    I have 3 WANs. However, I have one on Tier 1, and then 2 on Tier 2.

    One LAN... however, static routes to the router that routes to our other VLANs.

  • Ok, you have the SAME problem as me :(

    Source: http://forum.pfsense.org/index.php/topic,31983.msg177753.html#msg177753

    I am surprised we are the only 2 guys with this problem.

    Solution: FTP in passive mode only, or use shorewall on Linux :(

    Note: the same problem exists on 1.2.3 for me (and for you?)

  • I've never used pfsense before… This is the first version I've used so I don't know about 1.2.3.

    Also I'm not sure how to put Windows command line in FTP... Why does Filezilla FTP work both in Active or Passive though??

    And I refuse to believe you & I are the only ones with this issue... So has anyone given you any better ideas on this?? Should I close my thread so we can all focus on yours then?

  • Are you sure Filezilla is in active mode? (Filezilla has an "autoswitch" mode.) Try with IE only, or Firefox (with the FireFTP plugin) - https://addons.mozilla.org/fr/firefox/addon/fireftp/

  • This issue seems to be hit very, very rarely and I had forgotten about it; other things are in the queue.

    Though the only way to verify this is through packet traces and pfSense state table dumping during this time.

  • Hi ermal,

    Not rarely: many users use Filezilla, or software with auto-switch mode or with passive mode by default, so they (mostly) do not see the problem.

    Try ONLY with FTP software in active mode, with 10 internet users, and you see this problem more often (especially on the second WAN interface).

    As I said, the FTP client declares which port it uses; Windows 7 / Windows 2008 most often use a high port and pfSense blocks that (I sent you a private message 2 months ago, ermal, with a link and an example).

  • hi keith_opswat,

    Do you have time to test whether it's an FTP active/passive problem with another FTP client?

  • Sorry I kinda dropped out for a bit. But this is an issue I MUST get fixed soon.

    Ok, so I was wrong earlier…

    I can only connect via passive FTP with Filezilla. I can not get a directory listing with active mode. It was working before because it was allowed to automatically switch if there was an issue.

    So... Does anyone have any ideas on this? My company needs FTP to pull from about 40 different antivirus companies &  then push the updates out to our multiscanning products.

    So this is very critical... I've tried the command "quote pasv" after connecting via windows command line but it's not working.

    I read something somewhere about FTP helper.. Is this something I should use? Can anyone either give me some direction on this or point me to something I can read on it?

    Thanks a lot everyone & PLEASE HELP ME!!! I can't have my CEO getting on to me about this.

  • I found THE BUG (and maybe the answer to this problem?)

    ftp-helper (on pfSense 2.0), when entering passive mode, returns:

    27 Entering Passive Mode (XX,XX,XX,XX,X)

    The real response is (when I test passive mode without pfSense):

    227 Entering Passive Mode

    Some FTP clients wait for code 227 as the response (not 27!).
    Could you please correct this?

  • In the RFC:

    27 is not on the list… so if the FTP client is strict, FTP does not work!

    Edit: On the default gateway the FTP response is 227; on another gateway (multiwan) the FTP response is 27 when entering passive mode... crazy bug?

  • I seem to have the same bug…

    I have a program that needs an active ftp connection and this connection keeps getting dropped on ls commands.

    The strange thing is that it works in the beginning but after several files the connection gets dropped...

    Does the 227-27 bug interfere with active only connections?

  • So this was really weird.. This morning my main 10MB T1 connection dropped out.. So, as I set it up to, pfsense was WAN load balancing over a 1.5MB T1 and a 3MB DSL line.

    For some crazy reason the command line FTP worked… Both in active & passive.

    Now that I'm back up on my 10MB T1 it doesn't work again!! I have a script that I can use to change all traffic out an old firewall which also uses the 10MB T1, and it works fine. So it's not the ISP blocking it. I'm so confused!!! I feel like this is an issue that a new admin should be having, but I'm quite experienced and this is kicking my ass.

  • Just upgraded to RC2 and still no active connection…

  • So I may have solved this issue.. However, this has dug me into a different issue. Both this one and I believe the new one are configuration errors but either way thanks for any time and help. I'll have my new issue up soon..

    This one was, I believe, a NAT issue. I set this pfsense box up to replace our ASA 5505. Our old network had 3 different subnets connected to a CentOS box just forwarding packets amongst the subnets, and anything destined for the internet was sent out the ASA. So in order to leave our subnets' default gateway unchanged, I kept the CentOS box in place for the beginning of testing so I could just change the default gw on the CentOS box and flip back and forth between the old firewall & new.

    However, since the subnets were all going through the CentOS box, I think it was having issues with the firewall/NAT for some services. Now that the pfsense box is doing the routing amongst the subnets it appears to be fine. Any comments on this that may make it more clear as to why it wasn't working, besides what I've come up with?

  • Were there different subnets between CentOS and pfSense?
    Or was there a rule that allowed one subnet and didn't allow the two others?

  • The CentOS box had every subnet… It had 6 NIC's 4 active... 1 on each subnet & one that pointed to the router/firewall.

    It didn't do any filtering/firewall stuff. If it received a packet destined for one of the local subnets it just forwarded it out that port and let the switch handle it. If it was a packet that it didn't know where it belonged, it just auto-forwarded it out to the router/firewall. But I'm thinking that something happened with the NAT on the pfsense box because everything was passing through a router prior. I think it had issues relating some of the FTP traffic to a previous connection.

  • @phb.fr:

    ftp-helper (on pfSense 2.0), when entering passive mode, returns:

    27 Entering Passive Mode (XX,XX,XX,XX,X)

    The real response is (when I test passive mode without pfSense):

    227 Entering Passive Mode

    Some FTP clients wait for code 227 as the response (not 27!). Could you please correct this?

    Tested with the latest pfSense version, RC3 built on Fri Aug 12 00:28:10 EDT 2011.

    Now it's not 27… but only 7 Entering Passive Mode
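
A strict check for the truncated reply codes reported in the posts above (27, then 7, instead of 227), as an added example that is not part of the original thread. It can be run over control-channel lines extracted from a packet capture. The sample lines and the 192.0.2.10 address are constructed, and the "truncated-227" label is a heuristic assumed here, not pfSense or ftp-helper behaviour.

```python
import re

# RFC 959: a reply starts with exactly three digits, then a space (final
# line) or a hyphen (multi-line continuation), then free text.
REPLY_RE = re.compile(r"^(\d+)([ -])(.*)$")
# Host/port tuple carried by a 227 reply: (h1,h2,h3,h4,p1,p2)
HOSTPORT_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample control-channel lines (not taken from the thread).
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "27 Entering Passive Mode (192,0,2,10,195,80)",
    "7 Entering Passive Mode (192,0,2,10,195,80)",
    "226 Transfer complete",
]


def check_reply(line):
    """Classify one server reply line; returns (status, detail)."""
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        return ("not-a-reply", None)
    code, _sep, text = m.groups()
    if len(code) != 3:
        # Heuristic (assumption): a short code that is a tail of "227" and
        # still says "Passive Mode" looks like a 227 that lost leading digits.
        if "227".endswith(code) and "passive mode" in text.lower():
            return ("truncated-227", code)
        return ("bad-code-length", code)
    if code != "227":
        return ("ok", code)
    hp = HOSTPORT_RE.search(text)
    if not hp:
        return ("227-without-hostport", code)
    nums = [int(n) for n in hp.groups()]
    if any(n > 255 for n in nums):
        return ("227-bad-octet", code)
    # Data port is p1 * 256 + p2.
    return ("ok-pasv", (".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]))


def scan(lines):
    """Return (line_number, status, line) for every reply a strict client would reject."""
    results = [(i, check_reply(l)[0], l) for i, l in enumerate(lines, 1)]
    return [r for r in results if not r[1].startswith("ok")]


if __name__ == "__main__":
    for lineno, status, line in scan(SAMPLE):
        print(f"line {lineno}: {status}: {line}")
```
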

  • It is rather strange to see that!

    I would be interested in pcaps of this.

  • @ermal

    What is the best procedure for you? And where can I put the file?