FTP problem

mvrk · Jul 26, 2013, 3:43 PM

Hi,

I'm getting a few problems when using ftp, the connections sometimes got blocked.

I've already configured the rule for Outgoing FTP explained on http://doc.pfsense.org/index.php/FTP_Troubleshooting , but still have problem.

Gets stuck on PASV … then after a 2m it downloads:

wget ftp://ftp.cisco.com/pub/mibs/v1/CISCO-PRODUCTS-MIB-V1SMI.my
--2013-07-26 16:38:41-- ftp://ftp.cisco.com/pub/mibs/v1/CISCO-PRODUCTS-MIB-V1SMI.my
=> ‘CISCO-PRODUCTS-MIB-V1SMI.my.1’
Resolving ftp.cisco.com (ftp.cisco.com)... 72.163.7.54
Connecting to ftp.cisco.com (ftp.cisco.com)|72.163.7.54|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /pub/mibs/v1 ... done.
==> SIZE CISCO-PRODUCTS-MIB-V1SMI.my ... 100087
==> PASV ... couldn't connect to 72.163.7.54 port 62670: Connection timed out
Retrying.

--2013-07-26 16:40:50-- ftp://ftp.cisco.com/pub/mibs/v1/CISCO-PRODUCTS-MIB-V1SMI.my
(try: 2) => ‘CISCO-PRODUCTS-MIB-V1SMI.my.1’
Connecting to ftp.cisco.com (ftp.cisco.com)|72.163.7.54|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /pub/mibs/v1 ... done.
==> SIZE CISCO-PRODUCTS-MIB-V1SMI.my ... 100087
==> PASV ... done. ==> RETR CISCO-PRODUCTS-MIB-V1SMI.my ... done.
Length: 100087 (98K) (unauthoritative)

100%[=====================================================================================================================================================>] 100.087 104KB/s in 0,9s

2013-07-26 16:40:53 (104 KB/s) - ‘CISCO-PRODUCTS-MIB-V1SMI.my.1’ saved [100087]

On the firewall log i have this:

block
Jul 26 16:38:42 Direction=OUT LAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 72.163.7.54:62670 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 192.168.2.69:62670 TCP:SA
block
Jul 26 16:38:47 Direction=OUT LAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 72.163.7.54:62670 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 192.168.2.69:62670 TCP:SA
block
Jul 26 16:38:53 Direction=OUT LAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 72.163.7.54:62670 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 192.168.2.69:62670 TCP:SA
block
Jul 26 16:39:05 Direction=OUT LAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 72.163.7.54:62670 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 192.168.2.69:62670 TCP:SA
block
Jul 26 16:39:29 Direction=OUT LAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 72.163.7.54:62670 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 192.168.2.69:62670 TCP:SA

mastahfr · Jul 26, 2013, 3:54 PM

Sometimes it's working for me, sometimes it's not, I suggest it's a server problem and not your pfsense settings

doktornotor · Jul 26, 2013, 3:59 PM

http://forum.pfsense.org/index.php/topic,62237.0.html

mvrk · Jul 26, 2013, 8:42 PM

@mastahfr:

Sometimes it's working for me, sometimes it's not, I suggest it's a server problem and not your pfsense settings

It must be pfSense, because ate home (with a normal router), downloading from the same server never gives me problems.