(solved??) Filezilla FTP works but not commandline…
-
I've never used pfsense before… This is the first version I've used so I don't know about 1.2.3.
Also I'm not sure how to put Windows command line in FTP... Why does Filezilla FTP work both in Active or Passive though??
And I refuse to believe you & I are the only ones with this issue... So has anyone given you any better ideas on this?? Should I close my thread so we can all focus on yours then?
-
Are you sure FileZilla is in active mode? (FileZilla has an "autoswitch" mode.) Try with IE only or Firefox (with the FireFTP plugin) - https://addons.mozilla.org/fr/firefox/addon/fireftp/
-
This issue seems to be hit very, very rarely and I had forgotten about it; other things are on the queue.
Though the only way to verify this is through packet traces and pfSense state table dumping during this time.
-
Hi ermal,
Not rarely. Many users use FileZilla, or software with auto-switch mode or with passive mode by default; because of this they do not see the problem (mostly).
Try ONLY with FTP software in active mode with 10 internet users and you will see this problem more often (especially on the second WAN interface).
As I said, the FTP client declares which port it uses; with Windows 7 / Windows 2008 it most often uses a high port and pfSense blocks that (I sent you a private message, ermal, 2 months ago with a link and an example).
-
hi keith_opswat,
Do you have time to test whether it's an FTP active/passive problem with another FTP client?
-
Sorry I kinda dropped out for a bit. But this is an issue I MUST get fixed soon.
Ok, so I was wrong earlier…
I can only connect via passive FTP with Filezilla. I can not get a directory listing with active mode. It was working before because it was allowed to automatically switch if there was an issue.
So... Does anyone have any ideas on this? My company needs FTP to pull from about 40 different antivirus companies & then push the updates out to our multiscanning products.
So this is very critical... I've tried the command "quote pasv" after connecting via windows command line but it's not working.
I read something somewhere about FTP helper.. Is this something I should use? Can anyone either give me some direction on this or point me to something I can read on it?
Thanks a lot everyone & PLEASE HELP ME!!! I can't have my CEO getting on to me about this.
-
I found THE BUG (and maybe the answer to this problem?)
ftp-helper (on pfSense 2.0), when entering passive mode, returns:
27 Entering Passive Mode (XX,XX,XX,XX,X)
The real response is (when I test passive mode without pfSense):
227 Entering Passive Mode
Some FTP clients wait for code 227 as the response (not 27!)
Please could you correct this?
-
On the RFC:
http://www.ietf.org/rfc/rfc959.txt
27 is not on the list…. So if the FTP client is strict, FTP is not working!
Edit: On the default gateway the FTP response is 227; on another gateway (multi-WAN) the FTP response is 27 when entering passive mode.. crazy bug?
-
I seem to have the same bug…
I have a program that needs an active ftp connection and this connection keeps getting dropped on ls commands.
The strange thing is that it works in the beginning but after several files the connection gets dropped...
Does the 227-27 bug interfere with active only connections?
-
So this was really weird.. This morning my main 10MB T1 connection dropped out.. So, as I had set it up to do, pfSense was WAN load balancing over a 1.5MB T1 and a 3MB DSL line.
For some crazy reason the command line FTP worked… Both in active & passive.
Now that I'm back up on my 10MB T1 it doesn't work again!! I have a script with which I can send all traffic out an old firewall, which also uses the 10MB T1, and it works fine. So it's not the ISP blocking it. I'm so confused!!! I feel like this is an issue that a new admin should be having, but I'm quite experienced and this is kicking my ass.
-
Just upgraded to RC2 and still no active connection…
-
So I may have solved this issue.. However, this has dug me into a different issue. Both this one and I believe the new one are configuration errors but either way thanks for any time and help. I'll have my new issue up soon..
This one was, I believe, a NAT issue. I set this pfSense box up to replace our ASA 5505. Our old network had 3 different subnets connected to a CentOS box just forwarding packets amongst the subnets, and anything destined for the internet was sent out the ASA. So in order to leave our subnets' default gateway alone, I kept the CentOS box in place for the beginning of testing so I could just change the default gw on the CentOS box and flip back and forth between the old firewall & new.
However, since the subnets were all going through the CentOS box, I think it was having issues with the firewall/NAT for some services. Now that the pfSense box is doing the routing amongst the subnets it appears to be fine. Any comments on this that may make it more clear as to why it wasn't working besides what I've come up with?
-
Were there different subnets between CentOS and pfSense?
Or was there a rule that allowed one subnet and didn't allow the two others?
-
The CentOS box had every subnet… It had 6 NICs, 4 active... 1 on each subnet & one that pointed to the router/firewall.
It didn't do any filtering/firewall stuff. If it received a packet destined for one of the local subnets it just forwarded it out that port and let the switch handle it. If it was a packet that it didn't know where it belonged it just auto-forwarded it out to the router/firewall. But I'm thinking that something happened with the NAT on the pfSense box because everything was passing through a router prior. I think it had issues relating some of the FTP traffic to a previous connection.
-
ftp-helper (on pfSense 2.0), when entering passive mode, returns:
27 Entering Passive Mode (XX,XX,XX,XX,X)
The real response is (when I test passive mode without pfSense):
227 Entering Passive Mode
Some FTP clients wait for code 227 as the response (not 27!) Please could you correct this?
Tested with the latest pfSense version, RC3 built on Fri Aug 12 00:28:10 EDT 2011
Now it's not 27 …. but only 7 Entering Passive Mode
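
The check a strict client applies to these replies, run over a saved control-channel transcript to confirm the truncated 227 described above. This is an added example, not part of the original posts or of pfSense's code; the function names and the sample lines (using the documentation address 192.0.2.10) are constructed for illustration.

```python
import re

# RFC 959: a reply line starts with a 3-digit code, then ' ' (final) or '-' (continuation).
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")
# A 227 reply carries the data endpoint as six decimal numbers: h1,h2,h3,h4,p1,p2.
PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_reply(line):
    """Return (code, text) for a well-formed reply line, else raise ValueError."""
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"no 3-digit reply code: {line!r}")
    return int(m.group(1)), m.group(3)

def parse_pasv(line):
    """Strictly parse a 227 reply into (ip, port); port = p1 * 256 + p2."""
    code, text = parse_reply(line)
    if code != 227:
        raise ValueError(f"expected 227, got {code}")
    m = PASV_RE.search(text)
    if not m:
        raise ValueError(f"227 reply without h1,h2,h3,h4,p1,p2: {line!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"value above 255 in {line!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def audit(lines):
    """Return (line_number, problem) for each reply a strict client would reject."""
    problems = []
    for n, line in enumerate(lines, 1):
        try:
            if parse_reply(line)[0] == 227:
                parse_pasv(line)
        except ValueError as e:
            problems.append((n, str(e)))
    return problems

# Constructed sample: one intact 227 and the two truncated forms reported in the thread.
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "27 Entering Passive Mode (192,0,2,10,195,80)",
    "7 Entering Passive Mode (192,0,2,10,195,80)",
]

if __name__ == "__main__":
    for n, problem in audit(SAMPLE):
        print(f"line {n}: {problem}")
```

Running the same audit on transcripts taken on each WAN gateway shows which path rewrites the reply.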
-
It is rather strange to see that!
I would be interested in pcaps of this.
-
@ermal
What is the best procedure for you? And where can I put the file?