Problem running ftp server on 2 hosts behind firewall

  • I'm running pfsense-2.0.1/i386 (nanobsd)
    I have one public ip and several servers on private ip behind the firewall - all ubuntu 12.04.
    First ftp-server:
    Server with ip runs pure-ftpd, the only thing I did here was to add a NAT in pfsense port 21 WAN -> port 21 on
    This works fine.

    Second ftp-server:
    Server with ip runs pure-ftpd. This is the one that doesn't work.
    I can connect & login, but can't do anything.
    The errors:
    In passive mode I get
    ```
    230 OK. Current directory is /
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    500 I won't open a connection to (only to <clients public ip>)
    ftp: bind: Address already in use
    ```

    In active mode I get
    ```
    ftp> ls
    227 Entering Passive Mode (80,80,80,80,60,234)
    ftp: connect: Connection timed out
    ```
    ( is my client, servers public ip is
    I have tried connecting from 3 different locations, same every time. However, there is no problem connecting to other ftp servers. I have tried using ftp & pftp in cli and filezilla.
    I have read lots and lots - seems I'm not alone with the problem.
    I have tried passive mode and active mode.
    I have NAT:ed port range 40000-41000 in pfsense to this ftp-server, also of course configured pure-ftpd to use those ports.
    The strange thing is ftp server says it won't open connection to _my clients_ private ip?
    This does not happen connecting to first ftp-server or to any other ftpserver I've tried so it still has to be something on the server side?
    ftp to the second ftp-server from within LAN works fine (vpn-tunnel in).

  • Banned

    You seriously should upgrade before wasting more time with any debugging. Tons of bugfixes related to pfftpproxy there.

  • Thanks for your effort.

    However, I can't upgrade. It's an appliance with too little disk-space.
    (Also, 2.0.1 -> 2.0.3 does not really sound like a huge step - if it is it's incorrectly numbered. 2.1 is still RC.)

    Anyway, I need this to work with the version I have - or are you saying that 2.0.1 is so buggy it won't function correctly?? That's scary!

  • Banned


    or are you saying that 2.0.1 is so buggy it won't function correctly??

    That's not what I've said. What I've said is that there have been relevant bugfixes since 2.0.1 (and a whole lot more of those in 2.1)


    That's scary!

    Running a deprecated version with known security issues sounds even more scary. You won't see any fixes there either.

    You can play with the -N switch for pureftpd, diff the configs etc. Other than that, no idea.

    P.S. Trying active FTP to a server behind NAT is a completely futile effort.
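
Added example, not part of the thread: a small Python check that decodes a `227` reply like the one quoted in the first post (RFC 959 encodes the data endpoint as `h1,h2,h3,h4,p1,p2`, port = `p1*256 + p2`) and compares it with the public address and the forwarded passive range 40000-41000 described there. The function names are hypothetical, `80.80.80.80` is taken from the quoted reply because the page elides the real addresses, and the second reply is constructed.

```python
import ipaddress
import re

# 227 reply carries six decimal fields: four address octets, two port bytes.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Decode a 227 reply into (IPv4Address, port)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, public_ip, port_range):
    """Return a list of problems with the advertised data endpoint."""
    ip, port = parse_pasv(reply)
    low, high = port_range
    problems = []
    if ip.is_private:
        # Server is announcing its LAN address; outside clients cannot reach it.
        problems.append("server advertises private address %s" % ip)
    elif ip != ipaddress.IPv4Address(public_ip):
        problems.append("advertised %s, expected %s" % (ip, public_ip))
    if not low <= port <= high:
        # The firewall only forwards the configured passive range.
        problems.append("port %d outside forwarded range %d-%d" % (port, low, high))
    return problems


if __name__ == "__main__":
    forwarded = (40000, 41000)  # range the first post says is NATed
    quoted = "227 Entering Passive Mode (80,80,80,80,60,234)"  # from the post
    constructed = "227 Entering Passive Mode (192,168,1,20,156,74)"  # constructed sample
    for reply in (quoted, constructed):
        ip, port = parse_pasv(reply)
        print("%s:%d" % (ip, port), check_pasv(reply, "80.80.80.80", forwarded))
```
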
