Passive FTP Setup
-
I'm sure that everyone is sick of the FTP questions by now. I've been reading up on this for about 3 days and haven't found a solution that works. Here's my setup…
I'm running v1.0.1.
I have dual WANs but I'm not doing any load balancing on them. The second WAN is simply a backup line and is only used in emergencies.
I also have CARP set up and that is working fine. Every other protocol is working fine, just not passive FTP.
I have a CARP VIP set up for the web server that needs FTP.
I then have 1:1 NAT pointing from the external VIP to the internal LAN IP of the server.
The FTP-Proxy helper is disabled on all interfaces.
In the firewall rules I have
WAN TCP * * 192.168.1.10 (server's IP) FTP(21) *
WAN UDP * * 192.168.1.10 20 *
Active works fine at this point.
I then set up MSFTP to use the passive ports 6100-6200, then added the following rule
WAN UDP * * 192.168.1.10 6100-6200 *
I've tested the FTP from outside the local network and the active works fine but the passive freezes on the PASV command.
I've tried turning the FTP-proxy app on and off and it seems to make no difference.
What am I missing here? I am somewhat new to custom firewalling so please bear with me. ???
-
You allow only UDP. I'm not sure if it's that, but could it be that you need to put TCP there?
-
I have also tried allowing TCP/UDP and it doesn't seem to help. From my limited knowledge I believe that the data ports only require UDP.
-
Nope. I just looked it up. It's TCP
–> http://en.wikipedia.org/wiki/Ftp
If you look at the firewall log, do you see anything blocked?
-
I checked the logs and nothing is being blocked that I can see.
-
Any other thoughts?
-
1.0.1 is not recommended for new installs. Try 1.2RC2. Also see http://devwiki.pfsense.org/FTPTroubleShooting
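
Added example, not part of the original thread and not pfSense code: a small Python check that decodes an RFC 959 `227` passive-mode reply and tests the advertised data endpoint against the rules posted above. The sample reply, the public address 203.0.113.5 and the function names are constructed for illustration; the rule list mirrors the poster's three WAN rules.

```python
import ipaddress
import re

# Rules as posted in the thread: (protocol, destination IP, first port, last port).
RULES = [
    ("tcp", "192.168.1.10", 21, 21),
    ("udp", "192.168.1.10", 20, 20),
    ("udp", "192.168.1.10", 6100, 6200),
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    # The data port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rule_allows(rules, proto, dst_ip, port):
    """True if any rule admits this protocol, destination and port."""
    return any(p == proto and ip == dst_ip and lo <= port <= hi
               for p, ip, lo, hi in rules)

def diagnose(reply, rules, server_lan_ip):
    """Return (data_port, findings) for one PASV reply seen by an outside client."""
    ip, port = parse_pasv(reply)
    findings = []
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        findings.append("server advertises private address %s; an outside client "
                        "cannot connect unless it is rewritten to the public IP" % ip)
    # The FTP data connection is TCP, so only a TCP rule can admit it.
    if not rule_allows(rules, "tcp", server_lan_ip, port):
        findings.append("no TCP rule admits data port %d" % port)
    return port, findings

# Constructed sample reply: 192.168.1.10, port 24*256 + 10 = 6154.
SAMPLE = "227 Entering Passive Mode (192,168,1,10,24,10)"

if __name__ == "__main__":
    print(diagnose(SAMPLE, RULES, "192.168.1.10"))
```

Paste the `227` line from the client's session log in place of `SAMPLE` to see which of the two conditions applies.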