Ftp server problem
-
I'm using Microsoft Ftp Sever (iis 6 Win2k3)
Anyway I think that it report internal address since i'm connecting using Nat Reflection and the server "see" the internal client IP.
I've tried to set external IP address but on Ms site is reported that the server will automatically use the right ip address (using nat service).
Today if I have time i'll try to setup BulletProof Ftp Server and see what happensā¦.
Thanks for your reply,
Speck
-
Just tried Bulletproof ftp server and all works :-\
So i guess the problem is with IIS 6 Ftp serviceā¦.
anyone know how to set external IP address on this kind of server?
Thanks to all for your help ;D
Speck
-
Hi all,
I'm having the exact same problem as OP, but what I don't understand is why IIS works fine behind other NAT firewalls(firebox,ipcop,linksys,netgear). What is pfSense doing different? I run a number of IIS ftp sites behind three different firewalls and ALL of them show the external NAT address (from the passive scenario above).
thanks for the help
edit.. using Beta3
-
try to turn on static nat, or enable the ftp proxy.
-
I've tried both of these and the results are the same.
Question: Is pftpx (the FTP proxy) supposed to rewrite the address returned for PASV and also take care of the port mapping?
-
Yes it does, and the only known problem currently has to do with FTP brdiging. So this should be working.
-
Ok. So should I see a pftpx process running associated with the WAN interface?
Regardless of FTP proxy settings for either the LAN or WAN interface, there is only one pftpx process ever running and it's always associated with the LAN interface. (and I do reboot after changing this setting)
-
Yes you should, make sure the helper is enabled on WAN interface.
-
I've confirmed the FTP helper is enabled on the WAN and LAN interfaces and I've rebooted the machine. There is only one process listed:```
/usr/local/sbin/pftpx -c 8021 -g 8021 10.10.101.2If it failed on startup whould it be logged anywhere? -
It will only fail on startup if you have a really old version.
If this is a full install run cvs_sync.sh releng_1 from a shell.
-
Just to be certain, I've done fresh install's of Beta 2, Beta 3 and Beta 3 + cvs update.. and on ALL of them, there is ALWAYS only one pftpx process (LAN interface) running when I enable the FTP helper on the WAN interface. For all of these tests, I configured the interfaces, enabled the WAN FTP helper and rebooted and made no other changes. From what I can tell, the WAN interface FTP helper never starts regardless of the setting in the webConfig.
Edit: Have now found an error message:
May 8 11:45:32 pftpx[8480]: listening on x.x.x.x port 21
May 8 11:45:32 pftpx[8480]: event_dispatch error: Operation not supported by device
May 8 11:45:32 pftpx[8480]: pftpx exiting on signal 0 -
When the sysem boot i see only this in the system log:
May 23 14:46:15 pftpx[816]: listening on 127.0.0.1 port 8021
May 23 14:46:15 pftpx[816]: listening on 127.0.0.1 port 8021How can i check if pftpx process is running?
when i try to connect with both wan and lan Ftp helper enabled i get this
May 23 14:48:15 pftpx[816]: #1 server timeout
May 23 14:48:15 pftpx[816]: #1 server timeoutand i can't connect!
tried now ps -aux the only line with pftpx is
proxy 816 0.0 0.2 656 492 ?? Ss 2:46PM 0:00.02 /usr/local/sbin/pftpx -c 8021 -g 8021 192.168.10.11
Thanks
-
I can add some info for this problem.
My WAN is configured this way:
IP 192.168.x.x GW 192.168.x.x Mask 255.255.255.0
All my external IP are configured as Virtual IP ProxyARP.
Maybe this configuration (wan with private IP and all pARP public IP) can "confuse" Ftp helper? maybe I need some special settings?
Thanks in advance!
Speck -
Only if you are blocking private networks in Interfaces -> WAN.
-
No, I'm not blocking private networks! (box is unchecked)
I really can't understand what's wrong with my config!
Thanks anyway!
Speck
-
Also make sure you are not blocking bogons.
Finally check out http://faq.pfsense.com/index.php?sid=64164&lang=en&action=search