  • Hi all,

    I've just installed pfSense 2.1, and I have to say it rocks for ease of use and performance - I'm getting over 110 Mbits/sec down over my cable connection!

    The only problem I have now is with FTP - I can't seem to do any more than connect to any external servers; any actual directory request simply times out.

    For the sake of troubleshooting, I have the following 3 packages installed:
    Squid (2.7.9 pkg v.4.3.3)
    Lightsquid (1.8.2 pkg v.2.33)
    DarkStat (3.0.714)

    Squid is configured as a transparent proxy, and seems to be working fine. The only other thing I have changed is to enable static ARP entries on the DHCP server page.

    Has anyone else experienced this type of problem? I did a search and found lots of FTP problems, but they all seemed to be related to internal FTP server access.

    I am trying to connect to mirror.aarnet.edu.au, which was working fine on my Asus router before I upgraded to pfSense.


  • Quick update - I removed the Darkstat package, and now it all seems to be working fine. Must be a coincidence, as this does not seem like a logical cause…


    No, I don't see how darkstat could have anything to do with it.

    But as to access to outside servers - the data connection (directory listings) could still have problems depending on whether you're doing an active or passive connection to the server. In an active connection the server would make a connection back to your IP. So when behind a NAT, like pfSense is doing by default, if the helper is not working, or you're doing FTPS or FTPES and the connection is inside an encrypted tunnel that the helper cannot see, it cannot change the private IP of your client to the public IP of pfSense and then in turn open the port for the server to talk to your client for the data side.

    In passive you should not have any issues since you create the connection to the server, so unless you're filtering outbound traffic you shouldn't have any issues. But let's say you limited outbound traffic to only 80, 443, 21; then sure, you could have issues, since the passive connection might be on port 42003 or something.

    You could also have problems with FTP if behind a double NAT. Here is a great write-up of active vs passive


    To be most often the problems users have with ftp is just not understanding the protocol in general
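
Added example, not part of the thread: a sketch of the two FTP data-channel cases described in the reply above. It decodes the `h1,h2,h3,h4,p1,p2` field of a PORT command or 227 reply, shows the rewrite an FTP helper performs on a cleartext PORT command, and checks a passive data port against an egress allowlist. All addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 (PASV) reply in RFC 959.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(line):
    """Return (ip, port) carried in a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no host/port field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def encode_port(ip, port):
    """Build a PORT command for the given address and TCP port."""
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port >> 8, port & 0xFF)

def nat_rewrite_port(line, public_ip, public_port):
    """Active mode: swap the client's private address for the NAT's public one.
    A helper can only do this on a cleartext control channel; with FTPS/FTPES
    it never sees the PORT line, so the server is told an unroutable address."""
    ip, _ = decode_hostport(line)
    if not ipaddress.ip_address(ip).is_private:
        return line  # already routable, nothing to rewrite
    return encode_port(public_ip, public_port)

def passive_blocked(reply_227, allowed_out):
    """Passive mode: True if an egress rule limited to allowed_out ports
    would drop the client's outbound data connection."""
    _, port = decode_hostport(reply_227)
    return port not in allowed_out

if __name__ == "__main__":
    # Constructed sample lines (documentation and RFC 1918 addresses).
    client_port = "PORT 192,168,1,50,195,80"
    server_227 = "227 Entering Passive Mode (203,0,113,10,164,19)"
    print(decode_hostport(client_port))                      # what the server would dial
    print(nat_rewrite_port(client_port, "203.0.113.7", 50000))
    print(decode_hostport(server_227), passive_blocked(server_227, {21, 80, 443}))
```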

