FTP issues with Manual Outbound NAT



  • Just wanted to share.

    pfSense 2.0.1

    I ran into the issue where passive FTP worked but active did not when external clients connected to the internal FTP box through the router. You can tell right away because the "getting folder contents" would hang on the external client.
    I mistakenly removed a couple of outbound routes while cleaning up which caused this issue.

    NAT 21 from Outside IP (External IP address clients connect to) to Inside IP (IP of the FTP server)
    NAT port range specified on FTP server to use (Example 6000 - 6010) From Outside IP (External IP address clients connect to) to Inside IP (IP of the FTP server)
    ** Outbound NAT **  from Inside IP (IP of the FTP server) to Outside IP (External IP address clients connect to)

    Ex.
    123.123.123.123 FTP (21) --> 192.168.1.16 FTP (21)
    123.123.123.123 6000-6010 --> 192.168.1.16 6000-6010
    ANY 192.168.1.16 --> 123.123.123.123

    Not sure how automatic outbound does this, so this is for those who use Manual Outbound and are forgetful like I am. :)
    Make sure you know about outbound routing before changing from automatic to manual.
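
A quick way to confirm the port forwards listed in the post line up with what the FTP server tells external clients, as an added example that is not part of the original post: it parses the server's `227` passive-mode reply and checks the advertised address and data port against the post's example values (123.123.123.123, ports 6000-6010). The function names and sample replies are constructed for illustration.

```python
import ipaddress
import re

# Values from the post's example; adjust to your own port forwards.
EXTERNAL_IP = "123.123.123.123"
PASSIVE_PORTS = range(6000, 6011)  # 6000-6010 inclusive

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 '227' reply, or raise ValueError."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return ip, port

def check_pasv(reply, external_ip=EXTERNAL_IP, ports=PASSIVE_PORTS):
    """Return a list of problems; an empty list means the reply fits the NAT rules."""
    ip, port = parse_pasv(reply)
    problems = []
    if ipaddress.ip_address(ip).is_private:
        # External clients cannot reach a LAN address through the port forward.
        problems.append("server advertises private address %s" % ip)
    elif ip != external_ip:
        problems.append("advertised address %s is not %s" % (ip, external_ip))
    if port not in ports:
        problems.append("data port %d is outside forwarded range %d-%d"
                        % (port, ports[0], ports[-1]))
    return problems

if __name__ == "__main__":
    # Constructed sample replies, not captured from a real server.
    samples = [
        "227 Entering Passive Mode (123,123,123,123,23,112)",  # port 6000
        "227 Entering Passive Mode (192,168,1,16,23,115)",     # LAN address advertised
        "227 Entering Passive Mode (123,123,123,123,195,80)",  # port 50000
    ]
    for s in samples:
        print(s, "->", check_pasv(s) or "OK")
```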

