• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

FTP Client Proxy Package

Scheduled Pinned Locked Moved Cache/Proxy
69 Posts 37 Posters 74.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    stefb
    last edited by Mar 5, 2015, 1:19 PM

    Hello,

    First, thanks for this, it will help in some corporate environments where things move slowly and outgoing internet connection is limited.

    I have tried with ftp.free.fr on a dual wan setup with load balancing and it seems there is an issue with the outgoing ip :

    lftp 212.27.60.27:~> ls
    ---- Connexion à 212.27.60.27 (212.27.60.27) port 21
    <--- 220 Welcome to ProXad FTP server
    ---> FEAT
    <--- 211-Features:
    <---  EPRT
    <---  EPSV
    <---  MDTM
    <---  PASV
    <---  REST STREAM
    <---  SIZE
    <---  TVFS
    <---  UTF8
    <--- 211 End
    ---> OPTS UTF8 ON
    <--- 200 Always in UTF8 mode.
    ---> USER anonymous
    <--- 331 Please specify the password.
    ---> PASS lftp@
    <--- 230 Login successful.
    ---> PWD
    <--- 257 "/"
    ---> PASV
    <--- 227 Entering Passive Mode (212,27,60,27,237,91)
    ---- Connecting data socket (212.27.60.27) port 60763
    ---- Data connection established
    ---> LIST
    <--- 425 Security: Bad IP connecting.
    ---- Closing data socket
    
    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Mar 5, 2015, 1:22 PM

      Are you load balancing? It probably won't work with load balancing if the data connection leaves a different WAN. Not sure if there is a way around that one using this proxy.

      It works for me to that site, but I'm doing failover not load balancing.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • S
        stefb
        last edited by Mar 5, 2015, 1:34 PM

        Yes, i'm load balancing,

        I could failover for the ftp connection if needed.

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Mar 5, 2015, 1:34 PM

          Problem with that is the outbound connection from the client will be on a high, unpredictable port.

          That's one case where with a proxy, active mode would work better.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • S
            stefb
            last edited by Mar 5, 2015, 1:48 PM

            Yes I confirm that when using Active mode it works :

            stefb@host:~$ LANG=en_US.utf8 lftp 212.27.60.27
            lftp 212.27.60.27:~> set ftp:passive-mode no
            lftp 212.27.60.27:~> debug
            lftp 212.27.60.27:~> ls
            ---- Connecting to 212.27.60.27 (212.27.60.27) port 21
            <--- 220 Welcome to ProXad FTP server
            ---> FEAT
            <--- 211-Features:
            <---  EPRT
            <---  EPSV
            <---  MDTM
            <---  PASV
            <---  REST STREAM
            <---  SIZE
            <---  TVFS
            <---  UTF8
            <--- 211 End
            ---> OPTS UTF8 ON
            <--- 200 Always in UTF8 mode.
            ---> USER anonymous
            <--- 331 Please specify the password.
            ---> PASS lftp@
            <--- 230 Login successful.
            ---> PWD
            <--- 257 "/"
            ---> PORT 192,168,75,178,129,186
            <--- 200 PORT command successful. Consider using PASV.
            ---> LIST
            ---- Accepted data connection from (212.27.60.27) port 20
            <--- 150 Here comes the directory listing.
            ---- Got EOF on data connection
            ---- Closing data socket
            lrwxrwxrwx    1 ftp      ftp            28 Jun 14  2011 MPlayer -> mirrors/mplayerhq.hu/MPlayer
            drwxr-xr-x    2 ftp      ftp          4096 May 07  2008 awstats
            drwx------    2 ftp      ftp          4096 Mar 08  2006 lost+found
            drwxr-xr-x    3 ftp      ftp          4096 Aug 18  2014 mirrors
            drwxr-xr-x    2 ftp      ftp          4096 Dec 24  2008 nzb
            drwxr-xr-x    9 ftp      ftp          4096 Oct 23 13:41 pub
            drwxr-xr-x    2 ftp      ftp         69632 Mar 04 23:30 stats
            drwxr-xr-x    2 ftp      ftp          4096 Mar 05 11:40 tmp
            <--- 226 Directory send OK.
            lftp 212.27.60.27:/>
            
            
            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by Mar 5, 2015, 8:29 PM

              Just tested quickly, personally have no need for this.

              • Totally broken when you tick the IPv6 checkbox, nothing works.
              • This breaks any encrypted FTP connections when the proxy is enabled (which sucks big time.)
              1 Reply Last reply Reply Quote 0
              • B
                brainloss
                last edited by Mar 5, 2015, 9:35 PM

                Upgraded from 2.1.5 to 2.2 and found the that a application that user FTP on the LAN could no longer talk correctly to the remote FTP server.
                I have no control on the application or FTP server but the function it provides is critical to the business.
                This package saved me last night and while I have not fully tested all options in the package, it did immediately solve my issue.

                Proxy Enable - Tick
                Local Interface - LAN and OPT1(Wifi)
                IPv6 - no tick
                Anonymous - no tick
                Source - My WAN IP
                Bind Port - 21
                Max Sessions - Blank
                Traffic Shaping - Blank
                Rewrite Port 20 - no tick
                Ide Timeout - Blank
                Log Connection - ticked

                JIMP - Huge thanks for the quick turn around on this package, I think you just convinced me to say thankyou with a gold subscription :-)

                1 Reply Last reply Reply Quote 0
                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Mar 5, 2015, 9:39 PM

                  @doktornotor:

                  Just tested quickly, personally have no need for this.

                  Me either, but sadly it's so ingrained that it's hard to rip out.

                  @doktornotor:

                  • Totally broken when you tick the IPv6 checkbox, nothing works.

                  I suspected that might be the case. Proxying IPv6 seems like a bad idea anyow. I may rip that option out next rev.

                  @doktornotor:

                  • This breaks any encrypted FTP connections when the proxy is enabled (which sucks big time.)

                  Not sure anything can be done for that, and it does suck.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • J
                    jimp Rebel Alliance Developer Netgate
                    last edited by Mar 5, 2015, 9:41 PM

                    @brainloss:

                    Source - My WAN IP

                    If that's your only WAN IP, it can be left blank. That box is primarily for people who need it to exit a VIP or some other different IP, perhaps if your WAN is behind NAT.

                    @brainloss:

                    Bind Port - 21

                    Don't do that. Leave it blank.

                    @brainloss:

                    JIMP - Huge thanks for the quick turn around on this package, I think you just convinced me to say thankyou with a gold subscription :-)

                    You're welcome, glad it helped!

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • K
                      kejianshi
                      last edited by Mar 5, 2015, 9:46 PM

                      I suspect lots of people will use soon as they see it.

                      1 Reply Last reply Reply Quote 0
                      • -
                        -flo- 0
                        last edited by Mar 6, 2015, 6:35 AM

                        Thanks a lot!!

                        I only need ftp once every few years like when some provider has support files only available via anonymous ftp. So as bad as ftp may be not being able to use it is a real pain.

                        -flo-

                        1 Reply Last reply Reply Quote 0
                        • J
                          jimp Rebel Alliance Developer Netgate
                          last edited by Mar 9, 2015, 5:32 PM

                          I removed the broken IPv6 setting and I added fields for source bypass and destination bypass.

                          At least that way, if you have a secure FTP server you could add it to the bypass list so that the proxy won't break it.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • P
                            pfsenseo
                            last edited by Mar 12, 2015, 1:30 PM

                            Thanks a lot for your package !!!

                            It save me many days of troubleshouting…

                            I also think that I am not the only one in this case.

                            Hope that pfSense team will quickly correct this bug.

                            Thanks again.

                            Yan

                            1 Reply Last reply Reply Quote 0
                            • M
                              matsan
                              last edited by Mar 14, 2015, 12:46 PM

                              Just want to chime in here - upgraded hardware and installed 2.2 and immediately got bitten by the lack of ftp-proxy.
                              This package saved tons of time during the hectic upgrade.

                              1 Reply Last reply Reply Quote 0
                              • J
                                JeGr LAYER 8 Moderator
                                last edited by Mar 16, 2015, 10:45 AM

                                I suspected that might be the case. Proxying IPv6 seems like a bad idea anyow. I may rip that option out next rev.

                                In environments, where users are trying to build a new IPv6 only network, that option may be very well received (for proxying IPv6 clients to IPv4 only servers). If that is possible, it would be nice to be included. Of course not needing FTP at all would be quite better… ;)

                                Greets

                                Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jimp Rebel Alliance Developer Netgate
                                  last edited by Mar 16, 2015, 10:57 AM

                                  It wasn't a 6-to-4 style proxy or anything that interesting, it was for v6 to v6 only, which is pretty useless except maybe in the presence of strict outbound firewall rules that the proxy could help with.

                                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                  Need help fast? Netgate Global Support!

                                  Do not Chat/PM for help!

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    digidax
                                    last edited by Mar 18, 2015, 7:24 AM

                                    How can I install this package?
                                    Was going back to 2.1.5 and want now try to update to 2.2.1 with working FTP outgoing from LAN.

                                    best regards
                                    Frank

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      doktornotor Banned
                                      last edited by Mar 18, 2015, 7:32 AM

                                      @digidax:

                                      Was going back to 2.1.5 and want now try to update to 2.2.1 with working FTP outgoing from LAN.

                                      Like any other package. System - Packages.

                                      1 Reply Last reply Reply Quote 0
                                      • D
                                        digidax
                                        last edited by Mar 18, 2015, 7:54 AM

                                        There is no package "ftpproxy".
                                        "freeradius2" is the last, then "gwled" is the next one.
                                        Will it be visible after I have done the update?

                                        1 Reply Last reply Reply Quote 0
                                        • D
                                          doktornotor Banned
                                          last edited by Mar 18, 2015, 8:02 AM

                                          The package is for 2.2.x only…

                                          1 Reply Last reply Reply Quote 0
                                          21 out of 69
                                          • First post
                                            21/69
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received