FTP problem when client connects from public IP through LAN interface (via VPN)?



  • Our setup is this:
    Client (public IP) > VPN Box > Web Filter > pfSense (LAN Interface) > FTP Server (in DMZ)
    Therefore, the client is connecting with a public IP, through the LAN interface to the FTP server in the DMZ.

    The client is connecting to the FTP server and authenticating, but when they try to enter PASV mode, it's getting blocked.

    I've allowed all communications from their public IPs on the LAN interface to the DMZ and vice versa so I don't think this is a firewall rule issue.

    Is this kind of setup a problem for pfSense?

    P.S. On a side note, do we still need the FTP helper rule (127.0.0.1 with 8000 - 8030) in pfSense 2.0?

    ---EDIT---
    Actually any PASV FTP into the DMZ is blocked....

    Status: Connecting to 192.168.X.X:21...
    Status: Connection established, waiting for welcome message...
    Response: 220 ---
    Command: USER loginid
    Response: 331 Password required for loginid.
    Command: PASS *******
    Response: 230 Login OK. Proceed.
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is current folder.
    Command: TYPE I
    Response: 200 Type set to I.
    Command: PASV
    Response: 227 Entering Passive Mode (123,123,123,123,109,96).
    Command: MLSD
    Response: 150 Opening BINARY mode data connection for MLSD /.
    Error: Connection timed out
    Error: Failed to retrieve directory listing



  • bump – Is there a problem with PASV FTP with 2.0?
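
A diagnostic for the log in the first post, added here as an example and not written by either poster: it decodes the `227` reply (RFC 959 format `h1,h2,h3,h4,p1,p2`) and compares the advertised data endpoint with the control-connection address, which is the address and port the firewall path has to pass. The control address `192.168.1.10` and the passive port range `50000-50100` are constructed values, since the thread masks the real address and gives no range.

```python
import ipaddress
import re

# 227 reply per RFC 959: (h1,h2,h3,h4,p1,p2), port = p1*256 + p2
PASV_RE = re.compile(r"\b227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply line."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_data_endpoint(control_host, reply, passive_range=None):
    """Compare the advertised data endpoint with the control connection."""
    host, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_host)
    findings = []
    if host != control:
        # The client will open the data connection to a different address.
        findings.append("address-mismatch")
    if host.is_private != control.is_private:
        # One side is RFC 1918, the other is public: NAT sits in the path.
        findings.append("scope-mismatch")
    if passive_range and not passive_range[0] <= port <= passive_range[1]:
        # Port is outside the range the firewall rules were written for.
        findings.append("port-outside-range")
    return {"host": str(host), "port": port, "findings": findings}


if __name__ == "__main__":
    # Reply line copied from the post; control address and range are constructed.
    line = "Response: 227 Entering Passive Mode (123,123,123,123,109,96)."
    print(check_data_endpoint("192.168.1.10", line, passive_range=(50000, 50100)))
```

Any finding means the rules for the data connection have to be written for the advertised address and port, not for the address used on port 21.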

