FTP proxy and IP problems



  • Hi all,
    I setup my pfsense to allow ftp to my ftp server in my lan :  wan=>LAN
    I used the FAQ http://wiki.pfsense.com/wikka.php?wakka=IncomingFTPHowTo
    But I still have a problem, with the ftphelp, I don't have the IP address of the people who are connected on my ftp but I have the IP of the lan interface.
    Here for example :
    With ftphelper and working :

    
    Apr  9 10:57:42 debian pure-ftpd: (?@192.168.1.254) [INFO] toto is now logged in
    
    

    Without ftphelper and doesn'tworking :

    Apr  9 11:34:01 debian pure-ftpd: (?@AMontpellier-157-1-###-134.w90-14.abo.wanadoo.fr) [INFO] toto is now logged in
    
    

    Does anyone have an idea to keep the IP ?
    A few month ago, I reach to keep the IP and the FTP works successfull, but I don't remember how I done this.



  • When I activate ftp helper, I have this in my system log :

    Apr 9 14:00:22 	pftpx[12222]: pftpx exiting on signal 0
    Apr 9 14:00:22 	pftpx[12222]: pftpx exiting on signal 0
    Apr 9 14:00:22 	pftpx[12222]: event_dispatch error: Operation not supported by device
    Apr 9 14:00:22 	pftpx[12222]: event_dispatch error: Operation not supported by device
    Apr 9 14:00:22 	pftpx[12222]: listening on 127.0.0.1 port 8021
    Apr 9 14:00:22 	pftpx[12222]: listening on 127.0.0.1 port 8021
    Apr 9 14:00:22 	php: : Config: AON rule matched for interface LAN - using FTP proxy
    


  • (1) when using an incoming ftp server you would be best to disable the ftp helper on the interface in question.
    (2) pure ftpd can use passive ftp where you set a port range 3000-3500 and you forward those ports along with port 21 on to the server.
    (3) most ftp servers allow you to work with nat by allowing a field to enter the public ip address in the ftp server startup script to allow for better translation.
    (4) first thing to do is get your ftp server working correctly without nat then add the nat specific stuff into ftp server configuration and firewall after the thing is working.

    good luck


Log in to reply