FTP problem when client connects from public IP through LAN interface (via VPN)?
Our setup is this:
Client (public IP) > VPN Box > Web Filter > pfSense (LAN Interface) > FTP Server (in DMZ)
Therefore, the client is connecting with a public IP, through the LAN interface to the FTP server in the DMZ.
The client is connecting to the FTP server and authenticating, but when they try to enter PASV mode, it's getting blocked.
I've allowed all communications from their public IPs on the LAN interface to the DMZ and vice versa, so I don't think this is a firewall rule issue.
Is this kind of setup a problem for pfSense?
P.S. On a side note, do we still need the FTP helper rule (127.0.0.1 with 8000 - 8030) in pfSense 2.0?
Actually any PASV FTP into the DMZ is blocked....
Status: Connecting to 192.168.X.X:21...
Status: Connection established, waiting for welcome message...
Response: 220 ---
Command: USER loginid
Response: 331 Password required for loginid.
Command: PASS *******
Response: 230 Login OK. Proceed.
Status: Retrieving directory listing...
Response: 257 "/" is current folder.
Command: TYPE I
Response: 200 Type set to I.
Response: 227 Entering Passive Mode (123,123,123,123,109,96).
Response: 150 Opening BINARY mode data connection for MLSD /.
Error: Connection timed out
Error: Failed to retrieve directory listing
bump – Is there a problem with PASV FTP with 2.0?
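Added example, not part of the original posts: a small Python check that decodes the 227 reply from the client log above into the data endpoint the server advertises and compares it with the address used for the control connection. The 227 line is taken from the log (the poster masked the address); `CONTROL_HOST` is a made-up stand-in for the elided 192.168.X.X, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the 227 line is the one in the log above (the poster
# masked the address); CONTROL_HOST is a made-up stand-in for the elided 192.168.X.X.
SAMPLE_REPLY = "Response: 227 Entering Passive Mode (123,123,123,123,109,96)."
CONTROL_HOST = "192.168.1.10"

# Six comma-separated decimal fields inside parentheses: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply."""
    match = PASV_RE.search(reply)
    if not match:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(f) for f in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return host, port


def check_data_path(control_host, reply):
    """Compare the control-connection address with the advertised data endpoint."""
    data_host, data_port = parse_pasv(reply)
    ctrl = ipaddress.ip_address(control_host)
    data = ipaddress.ip_address(data_host)
    findings = []
    if ctrl != data:
        findings.append("data host %s differs from control host %s" % (data, ctrl))
    if ctrl.is_private and not data.is_private:
        findings.append("control host is RFC 1918 but data host is public: the data "
                        "connection goes to a different destination than port 21 did")
    return {"data_host": data_host, "data_port": data_port, "findings": findings}


if __name__ == "__main__":
    result = check_data_path(CONTROL_HOST, SAMPLE_REPLY)
    print("data endpoint: %(data_host)s:%(data_port)d" % result)
    for finding in result["findings"]:
        print("note:", finding)
```

The decoded port is the one the firewall has to pass for the data connection, so it is the value to look for in the firewall log when the listing times out.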