Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    2.2 passive FTP

    NAT
    4
    9
    1495
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      off last edited by

      2.2-RELEASE immediately drops control connection to ftp-server (tcp/21) when command 'PASV' is passed through it:

      C:> telnet ftp-server 21
      220 (vsFTPd 3.0.2)
      USER user
      331 Please specify the password.
      PASS password
      230 Login successful.
      PASV

      Connection to host lost.

      Wireshark show TCP RST after "PASV send" packet. vsftpd supports passive mode for sure and it's working from LAN (inside). "Port forward" for range exist (20000-20999 in our case), but there's no difference in behaviour whether "port forward" exist or not.

      What we can made it work back?

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned last edited by

        https://doc.pfsense.org/index.php/FTP_without_a_Proxy

        1 Reply Last reply Reply Quote 0
        • O
          off last edited by

          @doktornotor:

          https://doc.pfsense.org/index.php/FTP_without_a_Proxy

          Please read topic carefully, especially "Port forward for range exist" sentense. Of course I had already read mentioned article. So it's not about settings (either vsftpd or pfsense), it's about pfsense bug with Wireshark as acknowledge.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned last edited by

            There's no such bug. Go re-read the article and fix your FTP server configuration.

            1 Reply Last reply Reply Quote 0
            • O
              off last edited by

              @doktornotor:

              There's no such bug. Go re-read the article and fix your FTP server configuration.

              As I already said doesn't matter any server configuration (both meanings: "any config", "any server", tried several ftp servers either Linux or Windows). "PASV" control packet resulted immediately TCP RST from pfSense w/o even passing "PASV" to internal IP (rep: Wireshark).

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned last edited by

                Sucks to be you.

                
USER test
331 Password required for test
PASS s3cr3t
230 User test logged in
CWD /public
250 CWD command successful
PASV
227 Entering Passive Mode (188,75,xxx,xxx,218,171).
PWD
257 "/public" is the current directory
QUIT
221 Goodbye.
                1 Reply Last reply Reply Quote 0
                • M
                  mikeisfly last edited by

                  Off,

                  If this is any help to you I have a passive FTP server working too. I'm using Filezilla running on Windows Server 2003. I would just verify that your server knows what its public IP address is, in my case I use dynamic DNS for that.

                  1 Reply Last reply Reply Quote 0
                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by

                    So your trying to ftp working with telnet?

                    "telnet ftp-server 21"

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-2440 2.4.5p1 | 4x SG-3100 2.4.4p3 | SG-4860 21.05.2

                    1 Reply Last reply Reply Quote 0
                    • M
                      mikeisfly last edited by

                      @johnpoz:

                      So your trying to ftp working with telnet?

                      "telnet ftp-server 21"

                      Good catch didn't see that, usually the simplest answer is the correct one. Unless he just made a typo.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post

                      Products

                      • Platform Overview
                      • TNSR
                      • pfSense
                      • Appliances

                      Services

                      • Training
                      • Professional Services

                      Support

                      • Subscription Plans
                      • Contact Support
                      • Product Lifecycle
                      • Documentation

                      News

                      • Media Coverage
                      • Press
                      • Events

                      Resources

                      • Blog
                      • FAQ
                      • Find a Partner
                      • Resource Library
                      • Security Information

                      Company

                      • About Us
                      • Careers
                      • Partners
                      • Contact Us
                      • Legal
                      Our Mission

                      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                      Subscribe to our Newsletter

                      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                      © 2021 Rubicon Communications, LLC | Privacy Policy