Problem running ftp server on 2 hosts behind firewall
-
I'm running pfsense-2.0.1/i386 (nanobsd)
I have one public ip and several servers on private ip behind the firewall - all ubuntu 12.04.
First ftp-server:
Server with ip 172.16.21.4 runs pure-ftpd, the only thing I did here was to add a NAT in pfsense port 21 WAN -> port 21 on 172.16.21.4
This works fine.
Second ftp-server:
Server with ip 172.16.21.102 runs pure-ftpd. This is the one that doesn't work.
I can connect & login, but can't do anything.
The errors:
In passive mode I get
```
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 I won't open a connection to 192.168.0.102 (only to <clients public ip>)
ftp: bind: Address already in use
```
In active mode I get
```
ftp> ls
227 Entering Passive Mode (80,80,80,80,60,234)
ftp: connect: Connection timed out
```
(192.168.0.2 is my client, servers public ip is 80.80.80.80)
I have tried connecting from 3 different locations, same every time. However, there is no problem connecting to other ftp servers.
I have tried using ftp & pftp in cli and filezilla.
I have read lots and lots - seems I'm not alone with the problem. I have tried passive mode and active mode. I have NAT:ed port range 40000-41000 in pfsense to this ftp-server, also of course configured pure-ftpd to use those ports.
The strange thing is ftp server says it wont open connection to _my clients_ private ip? This does not happen connecting to first ftp-server or to any other ftpserver I've tried so it still has to be something on the server side?
-- Adding: ftp to the second ftp-server from within LAN works fine (vpn-tunnel in).
-
You seriously should upgrade before wasting more time with any debugging. Tons of bugfixes related to pfftpproxy there.
-
Thanks for your effort.
However, I can't upgrade. It's an appliance with too little disk-space.
(Also, 2.0.1 -> 2.0.3 does not really sound like a huge step - if it is it's incorrectly numbered. 2.1 is still RC.)
Anyway, I need this to work with the version I have - or are you saying that 2.0.1 is so buggy it won't function correctly?? That's scary!
-
> or are you saying that 2.0.1 is so buggy it won't function correctly??

That's not what I've said. What I've said is that there have been relevant bugfixes since 2.0.1 (and a whole lot more of those in 2.1).

> That's scary!

Running a deprecated version with known security issues sounds even more scary. You won't see any fixes there either.
You can play with the -N switch for pureftpd, diff the configs etc. Other than that, no idea.
P.S. Trying active FTP to a server behind NAT is a completely futile effort.
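The two transcripts in the question can be checked mechanically. This is an added example, not code from any poster in the thread: it decodes the `h1,h2,h3,h4,p1,p2` tuple of a 227 reply and of a PORT command, and compares it with the forwarded range (40000-41000) and public IP (80.80.80.80) given in the question. The function names and the PORT sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Values from the question: port range NATed to the second server, and its public IP.
FORWARDED_PORTS = range(40000, 41001)
PUBLIC_IP = "80.80.80.80"
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by 227 replies."""
    m = _TUPLE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % text)
    # The data port is sent as two bytes, high byte first.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_pasv_reply(line, public_ip=PUBLIC_IP, ports=FORWARDED_PORTS):
    """List what is wrong with a 227 reply as seen by a client outside the NAT."""
    host, port = parse_hostport(line)
    problems = []
    if ipaddress.ip_address(host).is_private:
        problems.append("advertises private address %s" % host)
    elif host != public_ip:
        problems.append("advertises %s, expected %s" % (host, public_ip))
    if port not in ports:
        problems.append("port %d is outside forwarded range %d-%d"
                        % (port, ports[0], ports[-1]))
    return problems


def port_mismatch(line, control_peer):
    """True when a PORT argument names a host other than the address the
    control connection comes from, the case the server answers with
    "500 I won't open a connection to ... (only to ...)"."""
    host, _ = parse_hostport(line)
    return host != control_peer


if __name__ == "__main__":
    # 227 reply copied from the question.
    print(check_pasv_reply("227 Entering Passive Mode (80,80,80,80,60,234)"))
    # Constructed PORT line; 203.0.113.7 is a documentation address standing
    # in for the client's public IP as seen by the server.
    print(port_mismatch("PORT 192,168,0,2,156,64", "203.0.113.7"))
```

For the reply quoted in the question, the decoded data port is 60*256+234 = 15594, which is not in the 40000-41000 range forwarded to this server.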