FTP problems within site-to-site IPSec tunnel



  • Hello,

    I have the following setup:

    LOCAL LAN <==> LOCAL pfSense <==> Cisco router <==> INTERNET <==> A router <==> REMOTE pfSense <==> REMOTE LAN

    LOCAL LAN: 10.6.0.0/16
    REMOTE LAN: 192.168.2.0/24

    There's an IPSec tunnel between the local pfSense and the remote one.

    There's also an FTP server on the remote LAN, having IP 192.168.2.86/24.
    I'm trying to upload some files from an FTP client on 10.6.0.7/16 to the remote FTP server.

    The initial FTP connection is OK. I successfully get the directory listing.
    NB: I'm using passive FTP.

    I also successfully uploaded a small file of size 12KB.
    However, when I try to upload a larger file, the transfer starts (327680 bytes are uploaded), and then I get an error.
    See log extract below:

    Command:	STOR test.pdf
    Response:	150 Opening BINARY mode data connection for 'test.pdf'.
    Error:	Could not write to transfer socket: ECONNRESET - Connection reset by peer
    Response:	426 Data connection: No such file or directory.
    Error:	File transfer failed after transferring 327,680 bytes in 26 seconds
    

    Extract from pfSense firewall log:

    Jan 1 15:08:03   LAN   10.6.0.7:57584   192.168.2.86:21   TCP:PA
    Jan 1 15:08:02   LAN   10.6.0.7:57584   192.168.2.86:21   TCP:A
    Jan 1 15:08:02   LAN   10.6.0.7:57584   192.168.2.86:21   TCP:PA
    
    

    NB:
    I have the following rules on the LAN, WAN and IPSec interfaces on the Firewall rules page:
    Allow from LAN subnet to 192.168.2.0/24
    Allow from 192.168.2.0/24 to LAN subnet

    I also tested uploading from the same FTP client to a public FTP server without any problem.

    Can anyone please shed some light?



  • Please ignore this post.

    The system administrator at the remote end had the wrong gateway on the FTP server.

