One-way block of ftp through transparent FW



  • have a problem with ftp through pfSense running in transparent bridging mode. I can not access a ftp server on the WAN-side from a client on the LAN-side. Client on WAN and server on LAN is OK.

    My setup:
    -Version 1.0.1 embedded running on a Wrap board
    -Enabled filtering bridge option
    -Bridged LAN with WAN
    -Disabled FTP-helper on both interfaces
    -A "pass-all" rule last in the rule list on WAN
    -Unchecked "Block private networks"

    What I have done to diagnose:
    -Logged the few block-rules I have on the WAN-if (nothing)
    -Moved the pass-all rule first in the rule list (no change)
    -Enabled FTP-helper on the interfaces (I can't say that I have tried all combinations, but no success for the ones I've tried)
    -Tried to enable "FTP RFC 959 dataport violation workaround" in the advanced settings (no change)
    -Tried both active and passive connections (no change)
    -Searched this forum (No obviuos match)

    The result I get when I try to connect is:
    H:>ftp 172.18.228.1
    Connected to 172.18.228.1.
    (wait some time, and then…)
    Connection closed by remote host.

    It looks like the response from the server doesn't find its way back to the client.

    Everything else works fine. The next step, I guess, is to put Ethereal to work, but before that - Any hints?

    /Roger



  • You should upgrade to a recent snapshot. Lots of things have been fixed and improved. As the snapshots are close to 1.2beta1 they are pretty stable already. Other option is to wait for the 1.2beta1 to appear.



  • OK Thanks Hoba. I'll upgrade.

    /Roger



  • I have just upgraded to 1.0.1-SNAPSHOT-03-27-2007. Guess what. I'm happy again! :-)

    FTP flows like a river in both directions. Thanks! Also thanks for some nice new features.

    /Roger



  • Good to hear  :)


Log in to reply