Problem running ftp server on 2 hosts behind firewall



  • I'm running pfsense-2.0.1/i386 (nanobsd)
    I have one public ip and several servers on private ip behind the firewall - all ubuntu 12.04.
    First ftp-server:
    Server with ip 172.16.21.4 runs pure-ftpd, the only thing I did here was to add a NAT in pfsense port 21 WAN -> port 21 on 172.16.21.4
    This works fine.

    Second ftp-server:
    Server with ip 172.16.21.102 runs pure-ftpd. This is the one that doesn't work.
    I can connect & login, but can't do anything.
    The errors:
    In passive mode I get:
    ```
    230 OK. Current directory is /
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    500 I won't open a connection to 192.168.0.102 (only to <clients public ip>)
    ftp: bind: Address already in use
    ```

    In active mode I get:
    ```
    ftp> ls
    227 Entering Passive Mode (80,80,80,80,60,234)
    ftp: connect: Connection timed out
    ```
    (192.168.0.2 is my client, servers public ip is 80.80.80.80)
    I have tried connecting from 3 different locations, same every time. However, there is no problem connecting to other ftp servers. I have tried using ftp & pftp in cli and filezilla.
    
    I have read lots and lots - seems I'm not alone with the problem.
    I have tried passive mode and active mode.
    I have NAT:ed port range 40000-41000 in pfsense to this ftp-server, also of course configured pure-ftpd to use those ports.
    
    The strange thing is ftp server says it won't open connection to _my clients_ private ip?
    This does not happen connecting to first ftp-server or to any other ftpserver I've tried so it still has to be something on the server side?
    ---
    Adding:
    ftp to the second ftp-server from within LAN works fine (vpn-tunnel in).

  • Banned

    You seriously should upgrade before wasting more time with any debugging. Tons of bugfixes related to pfftpproxy there.



  • Thanks for your effort.

    However, I can't upgrade. It's an appliance with too little disk-space.
    (Also, 2.0.1 -> 2.0.3 does not really sound like a huge step - if it is it's incorrectly numbered. 2.1 is still RC.)

    Anyway, I need this to work with the version I have - or are you saying that 2.0.1 is so buggy it won't function correctly?? That's scary!


  • Banned

    @pingulino:

    or are you saying that 2.0.1 is so buggy it won't function correctly??

    That's not what I've said. What I've said is that there have been relevant bugfixes since 2.0.1 (and a whole lot more of those in 2.1)

    @pingulino:

    That's scary!

    Running a deprecated version with known security issues sounds even more scary. You won't see any fixes there either.

    You can play with the -N switch for pureftpd, diff the configs etc. Other than that, no idea.

    P.S. Trying active FTP to a server behind NAT is a completely futile effort.
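
Added example, not part of the original thread: a small Python check that decodes a 227 reply such as the one quoted in the first post and compares the advertised address and port with the public IP and the forwarded range 40000-41000 given there. The function names are hypothetical, and the second sample reply is constructed.

```python
import ipaddress
import re

# Matches the (h1,h2,h3,h4,p1,p2) tuple of an RFC 959 "227" reply.
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply line."""
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    fields = [int(n) for n in match.group(1).split(",")]
    if any(n > 255 for n in fields):
        raise ValueError(f"field out of range in: {reply!r}")
    host = ".".join(str(n) for n in fields[:4])
    port = fields[4] * 256 + fields[5]  # high byte, low byte
    return host, port


def check_pasv(reply, public_ip, forwarded_ports):
    """Compare the advertised endpoint with what the firewall forwards."""
    host, port = parse_pasv(reply)
    low, high = forwarded_ports
    findings = []
    if ipaddress.ip_address(host).is_private:
        findings.append(f"address {host} is private, unreachable from WAN")
    elif host != public_ip:
        findings.append(f"address {host} is not the public IP {public_ip}")
    if not low <= port <= high:
        findings.append(f"port {port} is outside forwarded range {low}-{high}")
    return host, port, findings


if __name__ == "__main__":
    samples = [
        # Reply quoted in the first post.
        "227 Entering Passive Mode (80,80,80,80,60,234)",
        # Constructed reply: server advertising its LAN address.
        "227 Entering Passive Mode (172,16,21,102,156,64)",
    ]
    for line in samples:
        host, port, findings = check_pasv(line, "80.80.80.80", (40000, 41000))
        print(f"{host}:{port}", findings or "matches the forwarding rule")
```

A data port outside the forwarded range never reaches the server through the port forward, so the client's data connection times out; keeping the passive range narrow and matching it exactly in the NAT rule also limits how many inbound ports are exposed.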

