2.2 passive FTP



  • 2.2-RELEASE immediately drops control connection to ftp-server (tcp/21) when command 'PASV' is passed through it:

    C:> telnet ftp-server 21
    220 (vsFTPd 3.0.2)
    USER user
    331 Please specify the password.
    PASS password
    230 Login successful.
    PASV

    Connection to host lost.

    Wireshark shows a TCP RST after the "PASV send" packet. vsftpd supports passive mode for sure and it's working from LAN (inside). A "port forward" for the range exists (20000-20999 in our case), but there's no difference in behaviour whether the "port forward" exists or not.

    What can we do to make it work again?


  • Banned



  • @doktornotor:

    https://doc.pfsense.org/index.php/FTP_without_a_Proxy

    Please read the topic carefully, especially the "Port forward for range exist" sentence. Of course I had already read the mentioned article. So it's not about settings (either vsftpd or pfsense), it's about a pfsense bug, with Wireshark as acknowledgement.


  • Banned

    There's no such bug. Go re-read the article and fix your FTP server configuration.



  • @doktornotor:

    There's no such bug. Go re-read the article and fix your FTP server configuration.

    As I already said, the server configuration doesn't matter (both meanings: "any config", "any server"; tried several ftp servers, either Linux or Windows). The "PASV" control packet immediately resulted in a TCP RST from pfSense w/o even passing "PASV" to the internal IP (rep: Wireshark).


  • Banned

    Sucks to be you.

    
    USER test
    331 Password required for test
    PASS s3cr3t
    230 User test logged in
    CWD /public
    250 CWD command successful
    PASV
    227 Entering Passive Mode (188,75,xxx,xxx,218,171).
    PWD
    257 "/public" is the current directory
    QUIT
    221 Goodbye.
    
    


  • Off,

    If this is any help to you I have a passive FTP server working too. I'm using Filezilla running on Windows Server 2003. I would just verify that your server knows what its public IP address is; in my case I use dynamic DNS for that.


  • LAYER 8 Global Moderator

    So you're trying to get ftp working with telnet?

    "telnet ftp-server 21"



  • @johnpoz:

    So you're trying to get ftp working with telnet?

    "telnet ftp-server 21"

    Good catch, didn't see that. Usually the simplest answer is the correct one. Unless he just made a typo.

