Internal FTP WOES pfsense 2.0RC3
-
A little setup background: we have two firewalls, a perimeter and an internal firewall. Our DMZ sits behind the perimeter firewall.
Recently upgraded to 2.0RC3; now our FTP is having trouble. It's not a terribly big deal since the service is legacy and we're trying to remove it, but users needed to download their data to do this. Now they can't. Note: external access has been shut off and external DNS entries removed, such that only internal traffic to and from the FTP server is allowed.
Access from the DMZ subnet to the FTP server is fine.
Testing from LAN on the internal firewall:
telnet to ftp is fine
ftp ftp.co.com
connects and prompts for username/pw
connects fine
[root@mrburns ~]# nslookup ftp.co.com
Server: dns-server
Address: 192.168.6.19#53

Name: ftp.co.com
Address: 192.168.7.84

Note: look at the passive line and then the address. Where is it pulling this address from? It's one of our old external ISP addresses.

ftp> ls
227 Entering Passive Mode (174,79,191,171,78,34)
ftp: connect: Connection refused
"
[root@mrburns ~]# ftp 192.168.7.84
Connected to 192.168.7.84.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 6 allowed.
220-<<
220-% UNAUTHORIZED ACCESS IS PROHIBITED
220-This system is for the use of authorized users only.
220-Company resources, including computers, communications equipment, and
associated devices (e.g., internet, electronic mail, voice mail, copiers,
facsimile machines) are to be used for company business purposes.
220-Personal use of Company resources is permitted if it is incidental to
the employee's workday, does not occur during chargeable work-time, is of
limited and reasonable duration and frequency, and does not interfere with
or adversely affect the user's or another employee's job performance or
other operational requirements.
220-Use of these systems constitutes acknowledgement and consent to company
monitoring of these systems.
220-Unauthorized release of classified or controlled unclassified
information while using these systems, such as release of information
requiring an export license, constitutes a security violation.
220-Employees must report security violations and improper use of Company
resources to the Security Department.
220->>
220-Local time is now 13:04. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
500 This security scheme is not implemented
500 This security scheme is not implemented
KERBEROS_V4 rejected as an authentication type
Name (192.168.7.84:root): user
331 User jpsd OK. Password required
Password:
230-Your bandwidth usage is restricted
230-User user has group access to: 1001
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (174,79,191,171,78,44)
ftp: connect: Connection refused
" -
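To pin down which side is handing out the wrong address, the check below parses a 227 reply exactly the way the FTP client does (IP from the first four fields, port = p1*256+p2) and compares it with the address the control channel is really connected to. This is an added example, not code from the original post; the sample lines are the two 227 replies from the session above and the control peer is the 192.168.7.84 the author connected to.

```python
import ipaddress
import re

# RFC 959 PASV reply "227 ... (h1,h2,h3,h4,p1,p2)": the client dials h1.h2.h3.h4:p1*256+p2.
PASV_RE = re.compile(r"^227\b.*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply, or None for any other line."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV field out of range: %r" % reply.strip())
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def check_pasv(control_peer_ip, reply):
    """Say whether the data connection built from `reply` can reach the server;
    control_peer_ip is where the control channel is really connected."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return {"ok": False, "reason": "not a 227 reply"}
    ip, port = parsed
    result = {"ip": ip, "port": port}
    if ip == control_peer_ip:
        result.update(ok=True, reason="advertised address matches control peer")
        return result
    reason = "advertised %s:%d but control connection is to %s" % (ip, port, control_peer_ip)
    if ipaddress.ip_address(ip).is_global and ipaddress.ip_address(control_peer_ip).is_private:
        # A public address handed to an internal client: either the server is
        # configured to announce it, or a NAT/FTP helper on the path rewrote the reply.
        reason += "; public address announced to an internal client"
    result.update(ok=False, reason=reason)
    return result

def scan_session(control_peer_ip, transcript):
    """Run check_pasv over every 227 line of a captured client session."""
    return [check_pasv(control_peer_ip, l) for l in transcript.splitlines() if l.startswith("227")]

# Constructed sample input: the two PASV replies shown in the session above.
SAMPLE = """227 Entering Passive Mode (174,79,191,171,78,34)
227 Entering Passive Mode (174,79,191,171,78,44)
"""

if __name__ == "__main__":
    for r in scan_session("192.168.7.84", SAMPLE):
        print(r["ok"], r["reason"])
```

If the advertised address already matches the control peer at the client, the firewalls are passing the reply untouched and the refusal is on the server side; if it does not, capture the same reply on the DMZ side of each firewall to see where it changes.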
Is traffic being rejected on the perimeter or the internal firewall?