Ftp inside or ftp outside problem



  • running latest 28.1.06 on hdd
    with pure-ftp, natd, two realtek 8139d w/u pooling

    here's the problem.
    depending on config i experience 2 ftp access scenarios:
    (all actions taken from lan)

    1. i can access lan ftp on pfsense, also i can connect to external ftp servers, but can't make 'port' command and eventually connection is closed
    conf:
    disabled the userland FTP-Proxy application for lan
    no matter if wan ftp-proxy is disabled or enabled
    no matter if "Workaround for sites that violate RFC 959 which specifies that the data connection be sourced from the command port - 1 (typically port 20)." is enabled or disabled

    2. i can't access my lan ftp server on pfsense but i can connect to any external ftp server
    conf:
    enabled the userland FTP-Proxy application for lan
    and probably rest from the config in first point.

    unfortunately it takes time to check all combinations because after making changes in userland ftp-proxies pfSense loses pppoe session and webgui hangs up (ssh remains active and accessible, but restarting webgui doesn't help).

    guys, what do i need to make my ftp accessible and let my lan users connect to external ftp servers or have we touched a new pf-problem?



  • ok, here's the deal. i have to force all my users to use passive release when connecting to external ftp servers.
    but is it possible to make userland proxies (for lan and for wan) cooperative and use active data release in both directions?



  • Pure-ftpd is meant to be a stand-alone package. This is one of the reasons why the notice exists in the package description: DO NOT RUN THIS ON A FIREWALL. USE A DEDICATED MACHINE!

    Or are you running it on a machine behind the firewall?



  • hehe. i am running this on pfSense which is my firewall and gateway (pppoe). it's because i can't just add another comp to my room for an ftp server. it just has to be an all in one machine.



  • Sorry, exactly the reason you have run into is the reason we do not recommend this config.



  • ok, but there's still the problem with hanging networking (lan+wan) after approving userland ftp-proxy changes, i mentioned above.



  • Make sure you are on the latest testing version. It's been mentioned in the forums a LOT now.



  • problem still exists on 2.2.06

    additionally pfSense has halted today during normal work. unfortunately no logs have been saved, so i can't say anything about the reason.
    running only nat (pppoe) + fw + pureftpd + wan userland ftp proxy + https + sshd

    now switched to nat (pppoe) + fw + lan userland proxy + https + sshd and working fine



  • As I said before, we do not support pure-ftpd on the same machine.



  • i left the problem accessing ftp, and focused on userland ftp proxies changes:

    "unfortunately it takes time to check all combinations because after making changes in userland ftp-proxies pfSense loses pppoe session and webgui hangs up (ssh remains active and accessible, but restarting webgui doesn't help)."

    "ok, but there's still the problem with hanging networking (lan+wan) after approving userland ftp-proxy changes, i mentioned above."

    so is the problem of hanging webgui, wan session etc. going to be ignored? :>



  • It's not really ignored, it's just not happening to anybody else (at least I haven't heard about it). I'm not sure if this is somehow pure-ftpd related (that it borked something or whatever). I would suggest reinstalling the latest test snapshot from scratch and testing again without having pure-ftpd installed. We are focusing on core development atm and pure-ftpd might just be broken and mess up something. This is a package not many people use and as Scott pointed out (and the description says as well), it's not meant to be installed on a machine running as a firewall anyway.

