    [WORKS] Ftp server (passive and active) behind pfsense on 1.2-beta

    • G
      gug42 last edited by

      Hi,

      I'm using pfsense  "1.2-BETA-1-TESTING-SNAPSHOT-05-24-2007".

      I have an FTP server behind pfsense and I cannot reach it from the Internet. I need passive and active connections.

      What I have:

      • ftp-helper is enabled for the WAN interface

      • NAT rule:
        WAN    TCP    21 (FTP)    192.168.1.2  21(FTP)
        Creating this NAT rule automatically creates two standard rules in order to accept FTP traffic.
        For information, the external address is virtual.

      • On the system:

      
      # ps auwx | grep pftpx
      proxy   4296  0.0  0.0   656   492  ??  Ss    3:34PM   0:00.00 /usr/local/sbin/pftpx -c 8021 -g 8021 192.168.1.254
      
      

      It's strange, because any references to the external or Internet addresses and the ports are wrong? Moreover, the IP 192.168.1.254 is the "gateway"…

      Any idea?

      Thank you in advance.

      • G
        gug42 last edited by

        Hi,

        With the FTP client, I get these errors:

        
        ftp> cd directory
        250 CWD command successful.
        ftp> ls
        227 Entering Passive Mode (192,168,1,2,17,173).
        ftp: connect: No route to host
        
        

        It seems that this was a corrected bug: 1263?
        http://cvstrac.pfsense.com/tktview?tn=1263,4

        Any idea? Thank you in advance.

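Added example, not part of any post in this thread: the 227 reply in the session above advertises 192.168.1.2 (the server's internal address from the NAT rule) and port 17*256+173 = 4525, which a client on the Internet cannot route to. This Python check parses such a reply and flags it; it goes slightly beyond the post by also accepting 229 (EPSV) replies. The function names and the external address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 reply: 229 ... (|||port|), which carries no address
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")

# Reply copied from the client session in the post above.
THREAD_REPLY = "227 Entering Passive Mode (192,168,1,2,17,173)."
# Constructed placeholder for the external virtual IP (documentation range).
EXTERNAL_IP = "203.0.113.10"


def parse_passive_reply(line):
    """Return (IPv4Address or None, port) for a 227/229 reply."""
    m = PASV_RE.match(line)
    if m:
        fields = [int(f) for f in m.groups()]
        if max(fields) > 255:
            raise ValueError("field out of range: %r" % line)
        ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
        return ip, fields[4] * 256 + fields[5]  # port = p1*256 + p2
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(1)) < 65536:
        return None, int(m.group(1))
    raise ValueError("not a usable passive-mode reply: %r" % line)


def diagnose(line, control_ip):
    """Classify the data endpoint as seen by a client connected to control_ip."""
    ip, port = parse_passive_reply(line)
    if ip is None or ip == ipaddress.IPv4Address(control_ip):
        return "ok", port  # EPSV, or the address was rewritten to the external IP
    if ip.is_private:
        return "internal-address-advertised", port  # unreachable from the Internet
    return "address-mismatch", port


if __name__ == "__main__":
    print(diagnose(THREAD_REPLY, EXTERNAL_IP))
```

Run against a captured client session from outside the firewall, an "internal-address-advertised" result means the reply reached the client without its address being rewritten.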
        • S
          sullrich last edited by

          FAQ. Virtual IPs + FTP are only compatible with CARP type.

          • G
            gug42 last edited by

            OK, thank you for the answer. I'm confused, I haven't seen it in the FAQ :'(

            Indeed, the virtual IPs are in Proxy ARP.

            For it to work you must have:

            • Virtual IP in CARP mode
            • ftp-helper activated on the WAN interface
            • A NAT rule from the external IP to the internal IP on the FTP port. Creating this NAT rule creates two standard rules to accept connections on port 21 to the firewall on the external IP and the internal IP.

            Thank you in advance.

            I've got one question: the CARP mode for a virtual interface is not only for redundancy?

            • S
              sullrich last edited by

              It can be used as a standalone interface as well (CARP). It simply broadcasts VRRP, which should not be an issue in most cases.

              • G
                gug42 last edited by

                OK, thank you :)

                And for an IP in another subnet, we have:

                • create an alias with ifconfig shell commands
                • use the type "other"
                • T
                  tacfit last edited by

                  This thread just saved my butt. I'm dropping some search engine glue for any other poor souls:

                  FTP server doesn't work
                  FTP server won't work
                  Publish FTP server
                  NAT FTP server
