<![CDATA[Passive FTP Setup]]>I'm sure that everyone is sick of the FTP questions by now. I've been reading up on this for about 3 days and haven't found a solution that works. Here's my setup…

I'm running v1.0.1.
I have dual WAN's but I'm not doing any load balancing on them. The second WAN is simply a backup line and is only used in emergencies.
I also have CARP setup and that is working fine. Every other protocol is working fine just not passive FTP.

I have a CARP VIP setup for the web server that needs FTP.
I then have 1:1 NAT pointing from the external VIP to the internal LAN IP of the server.
The FTP-Proxy helper is disabled on all interfaces.

In the firewall rules I have

WAN    TCP    *    *    192.168.1.10 (servers ip)  FTP(21)    *
    WAN    UDP    *    *    192.168.1.10                  20            *

Active works fine at this point.

I then setup MSFTP to use the passive ports  6100-6200 then added the following rule

WAN    UDP    *    *    192.168.1.10  6100-6200    *

I've tested the FTP from outside the local network and the active works fine but the passive freezes on the PASV command.
I've tried turning the FTP-proxy app on and off and it seems to make no difference.

What am I missing here? I am somewhat new to custom firewalling so please bear with me.  ???

]]>https://forum.netgate.com/topic/5636/passive-ftp-setupRSS for NodeWed, 20 May 2026 01:02:04 GMTWed, 29 Aug 2007 20:52:16 GMT60<![CDATA[Reply to Passive FTP Setup on Sun, 02 Sep 2007 07:59:33 GMT]]>1.0.1 is not recommended for new installs. Try 1.2RC2. Also see http://devwiki.pfsense.org/FTPTroubleShooting

]]>https://forum.netgate.com/post/159260https://forum.netgate.com/post/159260Sun, 02 Sep 2007 07:59:33 GMT<![CDATA[Reply to Passive FTP Setup on Fri, 31 Aug 2007 03:06:10 GMT]]>Any other thoughts?

]]>https://forum.netgate.com/post/159218https://forum.netgate.com/post/159218Fri, 31 Aug 2007 03:06:10 GMT<![CDATA[Reply to Passive FTP Setup on Wed, 29 Aug 2007 22:48:26 GMT]]>I checked the logs and nothing is being blocked that I can see.

]]>https://forum.netgate.com/post/159165https://forum.netgate.com/post/159165Wed, 29 Aug 2007 22:48:26 GMT<![CDATA[Reply to Passive FTP Setup on Wed, 29 Aug 2007 22:16:45 GMT]]>nope. i just looked it up. it's TCP
–> http://en.wikipedia.org/wiki/Ftp

if you look at the firewall log. do you see anything blocked?

]]>https://forum.netgate.com/post/159164https://forum.netgate.com/post/159164Wed, 29 Aug 2007 22:16:45 GMT<![CDATA[Reply to Passive FTP Setup on Wed, 29 Aug 2007 22:09:46 GMT]]>I have also tried allowing TCP/UDP and it doesn't seem to help. From my limited knowledge I believe that the data ports only require UDP.

]]>https://forum.netgate.com/post/159163https://forum.netgate.com/post/159163Wed, 29 Aug 2007 22:09:46 GMT<![CDATA[Reply to Passive FTP Setup on Wed, 29 Aug 2007 21:59:43 GMT]]>You allow only UDP. I'm not sure if it's that, but could it be that you need to put TCP there?

]]>https://forum.netgate.com/post/159160https://forum.netgate.com/post/159160Wed, 29 Aug 2007 21:59:43 GMT