Netgate Discussion Forum

    FTP NAT not working after changing LAN address

      josemaX

      Hello

      Today I changed the LAN's IP address in my 2.0 box because I am renumbering my network; it was 192.168.1.1/24 and now it's 172.16.2.1/23.

      I have some NAT rules to pass ssh, http, ftp… to a server. All of them worked for months until I changed the LAN's IP.

      Now everything but FTP works. When I connect to the FTP port (ADSL in OPT1) I can log in, but when I do, for example, an ls, it "hangs" and no longer reacts (no timeout either); it stays hung.

      I've tried everything I found on the net: deleting the rules, creating them again, disabling the firewall (iptables - GNU/Linux) on the server (the one the NAT rule redirects FTP to).

      I have the ns_conntrack_ftp module loaded in the Linux box.

      I have found something about an FTP helper in the pfSense box, but I didn't find it in pfSense 2.0.

      I don't know what to do or how to solve it.

      The FTP server is pure-ftpd. I have a passive port range, and those ports are also NATted to the FTP server. (PassivePortRange 42300 42800)

      Can anyone help me, or point me toward what is happening?

      Thanks.

        josemaX

        Hello

        I've deleted (again) all the FTP NAT rules (the port 21 one and the passive ports) and created them again. No luck.

        I'm connecting to FTP with debugging/verbose and this is what I get:

        220-This is a private system - No anonymous login
        220-IPv6 connections are also welcome on this server.
        220 You will be disconnected after 15 minutes of inactivity.
        ftp: setsockopt: Bad file descriptor
        ---> AUTH GSSAPI
        500 This security scheme is not implemented
        ---> AUTH KERBEROS_V4
        500 This security scheme is not implemented
        KERBEROS_V4 rejected as an authentication type
        Name (machine.domain.tld:jose): jose
        ---> USER jose
        331 User jose OK. Password required
        Password:
        ---> PASS XXXX
        230 OK. Current restricted directory is /
        cmds.c:284: verbose=2 debug=1 overbose=2
        ---> SYST
        215 UNIX Type: L8
        Remote system type is UNIX.
        Using binary mode to transfer files.
        ftp> ls
        ftp: setsockopt (ignored): Permission denied
        ---> PASV

        And it stops here.

          josemaX

          Hello again

          The FTP server in the LAN works well, so it's not a problem on this side. The PASV port it gives in tests is in the configured range that is "opened" in the pfSense box.

          It seems pfSense stops when the server gives the client the port.

          Does no one have any idea of what to do before I try reinstalling the software and reconfiguring everything again?

          Best,

            josemaX

            Hello all,

            Finally I solved this by reinstalling the pfSense box. After configuring the NAT rules, FTP works again; well, I had to disable the ftp proxy (in the previous installation it didn't exist, perhaps because it was a beta upgraded to final, but I added the tunable debug.pfftpproxy and set it to 1, without luck).

            Now it's working, but I have no idea why changing the LAN address broke that.

            I've not restored a configuration, only "just in case", and configured everything from scratch.

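The check described in the third post (does the PASV port fall inside the forwarded range?), written out as an added example that is not part of the original thread. It parses a 227 reply in the RFC 959 format and also flags an advertised LAN address, which a WAN client cannot reach unless the reply is rewritten on its way out. The sample replies, the server address 172.16.2.10 and the function names are constructed for illustration; the port range and LAN subnet are the ones quoted in the thread.

```python
import ipaddress
import re

# Values quoted in the thread: pure-ftpd PassivePortRange and the new LAN subnet.
PASSIVE_PORT_RANGE = (42300, 42800)
LAN_NETWORK = ipaddress.ip_network("172.16.2.1/23", strict=False)

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227[ -].*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip_address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % reply)
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return host, port


def check_pasv(reply, client_on_wan=True):
    """Return (host, port, problems) for a data connection made through the NAT."""
    host, port = parse_pasv(reply)
    problems = []
    lo, hi = PASSIVE_PORT_RANGE
    if not lo <= port <= hi:
        problems.append("port %d is outside the forwarded range %d-%d" % (port, lo, hi))
    if client_on_wan and host in LAN_NETWORK:
        problems.append("%s is a LAN address, unreachable from the WAN unless "
                        "the reply is rewritten" % host)
    return host, port, problems


if __name__ == "__main__":
    # Constructed sample replies, not captured from the poster's server.
    samples = [
        "227 Entering Passive Mode (172,16,2,10,166,20)",
        "227 Entering Passive Mode (203,0,113,5,195,80)",
    ]
    for line in samples:
        host, port, problems = check_pasv(line)
        print(host, port, problems or "ok")
```

Run it against the 227 line seen from a LAN client and from a WAN client; a difference between the two shows whether something on the path is rewriting the reply.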