Ftp server problem

lsf

try to turn on static nat, or enable the ftp proxy.

shawnspeak

I've tried both of these and the results are the same.

Question: Is pftpx (the FTP proxy) supposed to rewrite the address returned for PASV and also take care of the port mapping?

sullrich

Yes it does, and the only known problem currently has to do with FTP brdiging.  So this should be working.

shawnspeak

Ok. So should I see a pftpx process running associated with the WAN interface?

Regardless of FTP proxy settings for either the LAN or WAN interface, there is only one pftpx process ever running and it's always associated with the LAN interface. (and I do reboot after changing this setting)

sullrich

Yes you should, make sure the helper is enabled on WAN interface.

shawnspeak

I've confirmed the FTP helper is enabled on the WAN and LAN interfaces and I've rebooted the machine. There is only one process listed:```
/usr/local/sbin/pftpx -c 8021 -g 8021 10.10.101.2

If it failed on startup whould it be logged anywhere?

sullrich

It will only fail on startup if you have a really old version.

If this is a full install run cvs_sync.sh releng_1 from a shell.

shawnspeak

Just to be certain, I've done fresh install's of Beta 2, Beta 3 and Beta 3 + cvs update.. and on ALL of them, there is ALWAYS only one pftpx process (LAN interface) running when I enable the FTP helper on the WAN interface. For all of these tests, I configured the interfaces, enabled the WAN FTP helper and rebooted and made no other changes. From what I can tell, the WAN interface FTP helper never starts regardless of the setting in the webConfig.

Edit: Have now found an error message:

May 8 11:45:32 pftpx[8480]: listening on x.x.x.x port 21
May 8 11:45:32 pftpx[8480]: event_dispatch error: Operation not supported by device
May 8 11:45:32 pftpx[8480]: pftpx exiting on signal 0

Speck

When the sysem boot i see only this in the system log:

May 23 14:46:15 pftpx[816]: listening on 127.0.0.1 port 8021
May 23 14:46:15 pftpx[816]: listening on 127.0.0.1 port 8021

How can i check if pftpx process is running?

when i try to connect with both wan and lan Ftp helper enabled i get this

May 23 14:48:15 pftpx[816]: #1 server timeout
May 23 14:48:15 pftpx[816]: #1 server timeout

and i can't connect!

tried now ps -aux the only line with pftpx is

proxy  816  0.0  0.2  656  492  ??  Ss    2:46PM  0:00.02 /usr/local/sbin/pftpx -c 8021 -g 8021 192.168.10.11

Thanks

Speck

I can add some info for this problem.

My WAN is configured this way:

IP 192.168.x.x GW 192.168.x.x Mask 255.255.255.0

All my external IP are configured as Virtual IP ProxyARP.

Maybe this configuration (wan with private IP and all pARP public IP) can "confuse" Ftp helper? maybe I need some special settings?

Thanks in advance!
Speck

sullrich

Only if you are blocking private networks in Interfaces -> WAN.

Speck

No, I'm not blocking private networks! (box is unchecked)

I really can't understand what's wrong with my config!

Thanks anyway!

Speck

sullrich

Also make sure you are not blocking bogons.

Finally check out http://faq.pfsense.com/index.php?sid=64164&lang=en&action=search