
    PFsense not playing nicely with SFTP (Edit) FTP over SSL

    • D
      doc_holiday last edited by

      I am using the SmartFTP client to connect to my web host via SSL Explicit.  I'm doing this from within my LAN using NAT.  Somehow though, NAT is not playing nicely with the exchange of keys…

      [17:29:05] SmartFTP v2.0.1002.0
      [17:29:05] Resolving host name "ftp.foobar.org"
      [17:29:05] Connecting to 70.84.000.000 Port: 21
      [17:29:05] Connected to ftp.foobar.org.
      [17:29:05] 220---------- Welcome to Pure-FTPd [TLS] ----------
      [17:29:05] 220-You are user number 1 of 50 allowed.
      [17:29:05] 220-Local time is now 11:29. Server port: 21.
      [17:29:05] 220-This is a private system - No anonymous login
      [17:29:05] 220 You will be disconnected after 15 minutes of inactivity.
      [17:29:05] AUTH TLS
      [17:29:05] 234 AUTH TLS OK.
      [17:29:05] Connected. Exchanging encryption keys…

      It hangs there and I get a tonne of entries in the firewall log of the server trying to exchange the keys with me.  Do I need to open up a port for this?  In my understanding, NAT was supposed to open up the necessary things for SSL so you didn't have to massage it.  I might be mistaken, hence my post. (regular FTP works just fine)

      • S
        sullrich last edited by

        http://faq.pfsense.com/index.php?action=artikel&cat=1&id=164&artlang=en&highlight=winscp

        • D
          doc_holiday last edited by

          @sullrich:

          http://faq.pfsense.com/index.php?action=artikel&cat=1&id=164&artlang=en&highlight=winscp

          Thanks.  That doesn't work.  I am using the base install and I might try updating to the latest build.

          • JeGr
            JeGr LAYER 8 Moderator last edited by

            As I read your log above, you're talking about FTPS, not SFTP, right? First is FTP over SSL (or TLS) but at the end "normal FTP", second is Secure-FTP via SSH. Very different from each other, so what kind of FTP are you trying to use? looks bit confused

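An added example, not part of any post in this thread: a small Python classifier that tells FTPS from SSH-based transfers using a client log, and reports how far the session got. The `classify` helper and its stage names are made up for this illustration; the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: client log lines quoted in the first post of this thread.
STALLED = """\
[17:29:05] Connecting to 70.84.000.000 Port: 21
[17:29:05] 220 You will be disconnected after 15 minutes of inactivity.
[17:29:05] AUTH TLS
[17:29:05] 234 AUTH TLS OK.
[17:29:05] Connected. Exchanging encryption keys...
"""

STAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*")      # SmartFTP-style timestamp
PORT = re.compile(r"Connecting to \S+ Port: (\d+)")
REPLY = re.compile(r"^(\d{3})[ -]")                 # FTP reply code, final or continued


def classify(log):
    """Return (protocol, stage) inferred from a client-side session log."""
    protocol, stage = "unknown", "not connected"
    for raw in log.splitlines():
        line = STAMP.sub("", raw.strip())
        if line.startswith("SSH-"):                 # SSH identification string
            return "SSH (SFTP/SCP)", "SSH banner received"
        port = PORT.search(line)
        if port:
            # Port 990 is implicit FTPS: TLS starts before any FTP reply.
            if port.group(1) == "990":
                protocol = "FTPS (implicit TLS)"
            stage = "connecting"
            continue
        reply = REPLY.match(line)
        if not reply:
            continue                                # client chatter or a command
        code = reply.group(1)
        if code == "220":
            stage = "greeted"
            if protocol == "unknown":
                protocol = "FTP (no TLS yet)"
        elif code == "234":                         # server accepted AUTH TLS
            protocol, stage = "FTPS (explicit TLS)", "TLS handshake pending"
        elif protocol == "FTPS (explicit TLS)":
            stage = "control channel encrypted"     # replies kept arriving after 234
    return protocol, stage


if __name__ == "__main__":
    print(classify(STALLED))
```

For the log in the first post this reports explicit FTPS with the TLS handshake on the control connection still pending, since no server reply follows the 234.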
            • D
              doc_holiday last edited by

              @Grey:

              As I read your log above, you're talking about FTPS, not SFTP, right? First is FTP over SSL (or TLS) but at the end "normal FTP", second is Secure-FTP via SSH. Very different from each other, so what kind of FTP are you trying to use? looks bit confused

              Yes, sorry, it is FTP over SSL.

              • JeGr
                JeGr LAYER 8 Moderator last edited by

                No need to blush, just wanted to straighten that out since Scott's response seemed to tend towards SCP (or SFTP) instead of FTP with SSL.
                Are you using the FTP helper on the LAN IF? And do you see anything in the firewall logs while connecting? I currently have no remote host playing with FTPS so can't try it out myself.

                Greets
                Grey

                • D
                  doc_holiday last edited by

                  @Grey:

                  No need to blush, just wanted to straighten that out since Scott's response seemed to tend towards SCP (or SFTP) instead of FTP with SSL.
                  Are you using the FTP helper on the LAN IF? And do you see anything in the firewall logs while connecting? I currently have no remote host playing with FTPS so can't try it out myself.

                  Greets
                  Grey

                  I have tried this both with and without the FTP helper.  I can't see anything in the logs which will help me diagnose the problem either!

                  • J
                    Justinw last edited by

                    You probably already know this, but anything ssl over a load balanced connection gets messed up unless you tell all ssl protocols to route out only 1 of the interfaces.  Just FYI if you are load balancing.
