Problem running ftp server on 2 hosts behind firewall
I'm running pfsense-2.0.1/i386 (nanobsd)
I have one public ip and several servers on private ip behind the firewall - all ubuntu 12.04.
Server with ip 172.16.21.4 runs pure-ftpd, the only thing I did here was to add a NAT in pfsense port 21 WAN -> port 21 on 172.16.21.4
This works fine.
Server with ip 172.16.21.102 runs pure-ftpd. This is the one that doesn't work.
I can connect & login, but can't do anything.
In passive mode I get```
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
500 I won't open a connection to 192.168.0.102 (only to <clients public="" ip="">)
ftp: bind: Address already in use</clients>
In active mode I get``` ftp> ls 227 Entering Passive Mode (80,80,80,80,60,234) ftp: connect: Connection timed out ```(192.168.0.2 is my client, servers public ip is 188.8.131.52) I have tried connecting from 3 different locations, same every time. However, there is no problem connecting to other ftp servers. I have tried using ftp & pftp in cli and filezilla. I have read lots and lots - seems I'm not alone with the problem. I have tried passive mode and active mode. I have NAT:ed port range 40000-41000 in pfsense to this ftp-server, also of course configured pure-ftpd to use those ports. The strange thing is ftp server says it wont open connection to _my clients_ private ip? This does not happen connecting to first ftp-server or to any other ftpserver I've tried so it still has to be something on the server side? –- Adding: ftp to the second ftp-server from within LAN works fine (vpn-tunnel in).
You seriously should upgrade before wasting more time with any debugging. Tons of bugfixes related to pfftpproxy there.
Thanks for your effort.
However, I can't upgrade. It's an appliance with too little disk-space.
(Also, 2.0.1 -> 2.0.3 does not really sound like a hugh step - if it is it's incorrectly numbered. 2.1 is still RC.)
Anyway, I need this to work with the version I have - or are you saying that 2.0.1 is so buggy it won't function correctly?? That's scary!
or are you saying that 2.0.1 is so buggy it won't function correctly??
That's not what I've said. What I've said is that there have been relevant bugfixes since 2.0.1 (and a whole lot more of those in 2.1)
Running a deprecated version with known security issues sounds even more scary. You won't see any fixes there either.
You can play with the -N switch for pureftpd, diff the configs etc. Other than that, no idea.
P.S. Trying active FTP to a server behind NAT is completely futile effort.