    FTP still appears to be broken…

    • S
      Sifter last edited by

      After doing a cvs sync this evening, I decided to do some more ftp testing.  I am not using dual wan.  RELENG_1_SNAPSHOT_03-19-2006 built on Sat Mar 18 01:47:08 UTC 2006

      I created a NAT: Port Forward as follows:
      WAN  TCP  21 (FTP)  10.0.0.5  21 (FTP)

      I checked the box to autocreate the fw rules,  and two rules were created on the WAN interface:
      TCP  *  *  10.0.0.5  21 (FTP)  *  NAT
      TCP  *  *                  21 (FTP)  *      NAT

      I then made a few connection attempts from a PC outside of my network, which were unsuccessful.  The following BLOCKED entries showed up in my logs:
      Mar 22 21:40:20 WAN 69.81.X.X:18172 67.171.X.X:21 TCP
      Mar 22 21:40:14 WAN 69.81.X.X:18172 67.171.X.X:21 TCP
      Mar 22 21:40:11 WAN 69.81.X.X:18172 67.171.X.X:21 TCP
      Mar 22 21:39:59 WAN 69.81.X.X:18171 67.171.X.X:21 TCP
      Mar 22 21:39:53 WAN 69.81.X.X:18171 67.171.X.X:21 TCP

      I know hoba was going to do some testing of ftp in the lab, but not sure if he has had time.  I have created other NAT: Port Forward rules using the same method for port 80, 443, and a few others, and all the traffic seems to flow ok.  Are there still issues with ftp on this ver?

      • H
        hoba last edited by

        You need more than only port 21. Your server is using a lot more rules than this. Check what range you have to forward additionally (configurable with most ftp servers). Also try to connect using active mode. Another issue that can pop up is your ftp server has to know its public IP to tell the client the correct port to connect to. Check your ftp-server documentation. I'm not sure if your rules at WAN are correct. Do you have the ftp-helper enabled at WAN (it's disabled by default at WAN)?

        • S
          Sifter last edited by

          That doesn't make sense though that port 21 is forwarded, and yet port 21 is the port that is still being blocked.  Wouldn't I see other ports being hit on the firewall as well, not just 21 if it wanted more open?  Maybe port 20?  In the past, even on 9X.X releases, the only rule I had to have was port 21.  I'm using the same ftp server now as I was back then.

          • S
            Sifter last edited by

            So it looks like by default, the ftp helper is enabled on all interfaces.  In order for LAN and WAN to access my ftp server in the DMZ, I had to disable the ftp helper on all interfaces, LAN, WAN, and DMZ.  As soon as I turned that off, all is well.
