FTP woes



  • pfSense n00b here.

    I'll try to be as clear as I can describing the issue with pfSense 2.0.1 and our ftp issue.

    Here is what works:

    FTPing from an external IP address to an FTP behind pfSense works fine so the NAT is working there.
    FTPing to the internal IP address (192.168.1.240) of the FTP on the lan works fine.
    FTPing to the ftp using the server name on the internal network also works fine.

    What doesn't work is FTPing from the internal network (192.168.1.xxx) to the external WAN IP address (eg: 198.169.x.x).  The login works fine but as soon as it tries to list the directory we get a:

    
    Response:	220 FTP Server Ready
    Command:	USER someuser
    Response:	331 Password required for someuser
    Command:	PASS ******
    Response:	230-
    Response:	230-Secured Private FTP Server
    Response:	230-Unauthorized Access is Strictly Prohibited.
    Response:	230-===========================================
    Response:	230-
    Response:	230-Consider Yourself Logged.
    Response:	230-
    Response:	230 User someuser logged in
    Command:	OPTS UTF8 ON
    Response:	200 UTF8 set to on
    Status:	Connected
    Status:	Retrieving directory listing...
    Command:	PWD
    Response:	257 "/" is the current directory
    Command:	TYPE I
    Response:	200 Type set to I
    Command:	PASV
    Response:	227 Entering Passive Mode (198,169,x,x,163,128)
    Command:	MLSD
    Error:	Connection timed out
    Error:	Failed to retrieve directory listing
    
    

    Any ideas as to what setting is preventing the ftp server from listing the directory when trying to access it from the internal lan using the wan ip?

    ???


  • Rebel Alliance Global Moderator

    Well why in the world would you do that in the first place?  But that's NAT reflection, and yeah with the way the ftp protocol works and through a NAT that could be a messy thing to get working.

    You're attempting a passive connection from the client, so the server tells the client what IP and port to connect to – see that passive command that says connect to him on 198.169 port (163*256)+128 = port 41856

    Why would you need to access the WAN IP if you're on the same LAN as the ftp server?  Routing the ftp traffic through your router, vs just over your switching network doesn't make a lot of sense ;)
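The port arithmetic from the reply above, generalized into a small transcript check. This is an added example, not code from either poster: it parses each 227 reply and classifies where the data connection will go. The names `parse_pasv` and `diagnose`, the client address 192.168.1.50 and the stand-in WAN address 203.0.113.10 (replacing the redacted one) are assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges are listed explicitly: ipaddress's is_private would also
# match the documentation range used as a stand-in WAN address below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\b227\b[^()]*\(((?:\d{1,3},){5}\d{1,3})\)")

# Constructed sample: the thread's log with 203.0.113.10 standing in for the
# redacted WAN address.
SAMPLE = """\
Command:\tPASV
Response:\t227 Entering Passive Mode (203,0,113,10,163,128)
Command:\tMLSD
Error:\tConnection timed out
"""

def parse_pasv(line):
    """Return (ip, port) advertised by a 227 reply, or None for other lines."""
    m = PASV_RE.search(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(n) for n in m.group(1).split(","))
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError(f"octet out of range in: {line.strip()}")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2  # port = high byte * 256 + low

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def diagnose(transcript, client_ip, control_ip):
    """Classify each passive data endpoint the server advertised."""
    findings = []
    for line in transcript.splitlines():
        endpoint = parse_pasv(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        if ip != control_ip:
            verdict = "address-mismatch"      # server advertises another host
        elif is_rfc1918(client_ip) and not is_rfc1918(ip):
            verdict = "needs-nat-reflection"  # LAN client sent to the WAN IP
        else:
            verdict = "direct"
        findings.append((ip, port, verdict))
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.1.50", "203.0.113.10"))
```

A `needs-nat-reflection` verdict means the data connection is aimed at the WAN address on the advertised passive port, so it has to pass through the firewall just as the control connection on port 21 did.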

