Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2.2 passive FTP

    Scheduled Pinned Locked Moved NAT
    9 Posts 4 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      off
      last edited by

      2.2-RELEASE immediately drops control connection to ftp-server (tcp/21) when command 'PASV' is passed through it:

      C:> telnet ftp-server 21
      220 (vsFTPd 3.0.2)
      USER user
      331 Please specify the password.
      PASS password
      230 Login successful.
      PASV

      Connection to host lost.

      Wireshark show TCP RST after "PASV send" packet. vsftpd supports passive mode for sure and it's working from LAN (inside). "Port forward" for range exist (20000-20999 in our case), but there's no difference in behaviour whether "port forward" exist or not.

      What we can made it work back?

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        https://doc.pfsense.org/index.php/FTP_without_a_Proxy

        1 Reply Last reply Reply Quote 0
        • O
          off
          last edited by

          @doktornotor:

          https://doc.pfsense.org/index.php/FTP_without_a_Proxy

          Please read topic carefully, especially "Port forward for range exist" sentense. Of course I had already read mentioned article. So it's not about settings (either vsftpd or pfsense), it's about pfsense bug with Wireshark as acknowledge.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            There's no such bug. Go re-read the article and fix your FTP server configuration.

            1 Reply Last reply Reply Quote 0
            • O
              off
              last edited by

              @doktornotor:

              There's no such bug. Go re-read the article and fix your FTP server configuration.

              As I already said doesn't matter any server configuration (both meanings: "any config", "any server", tried several ftp servers either Linux or Windows). "PASV" control packet resulted immediately TCP RST from pfSense w/o even passing "PASV" to internal IP (rep: Wireshark).

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                Sucks to be you.

                
USER test
331 Password required for test
PASS s3cr3t
230 User test logged in
CWD /public
250 CWD command successful
PASV
227 Entering Passive Mode (188,75,xxx,xxx,218,171).
PWD
257 "/public" is the current directory
QUIT
221 Goodbye.
                1 Reply Last reply Reply Quote 0
                • M
                  mikeisfly
                  last edited by

                  Off,

                  If this is any help to you I have a passive FTP server working too. I'm using Filezilla running on Windows Server 2003. I would just verify that your server knows what its public IP address is, in my case I use dynamic DNS for that.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    So your trying to ftp working with telnet?

                    "telnet ftp-server 21"

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • M
                      mikeisfly
                      last edited by

                      @johnpoz:

                      So your trying to ftp working with telnet?

                      "telnet ftp-server 21"

                      Good catch didn't see that, usually the simplest answer is the correct one. Unless he just made a typo.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.