Software Changes between version 2.1 32 bit and version 2.2.3 64 bit



  • I have recently done a clean install of pfSense 2.2.3 64 bit on a PowerEdge R200 server. I have been a pfSense user for many years having used version 2.1 32 bit. I had configured 2.1 for use with one WAN and multiple LAN's.

    Rules used for one of the LAN's allowed several specific remote IP's to connect with my VSFTPD file server residing on  (192.168.1.8). This setup worked well and I was able to send files from remote IP's (ones that had specific rules on the pfSense 2.1 32 bit machine) to the local server inside my LAN at (192.168.1.8). I was also able to take files from the server accessing these from the remote IP.

    After the install of version 2.2.3 (64 bit running on PowerEdge R200) I was unable to upload files from the server. FileZilla on the remote IP is telling me at the end of the exchange used to log on to the server:

    “Command: PASV
    Response: 227 Entering Passive Mode (192.168.1.8.147.10)
    Status:      Server sent passive reply with unroutable address. Using server address instead
    Command: LIST
    Error:        Connection timed out
    Error:        Failed to receive directory listing”

    Throughout this process the version of VSFTPD remained the same. The machine it is running on is the same. I don't understand the cause of this issue.

    I would like to know what changes were made between version 2.1 and 2.2.3 that cause the change in pfSense program performance since VSFTPD remains the same for both pfSense installs.

    I understand that configuration changes could be made to VSFTPD to forward the servers real world IP along with specific ports to use when entering passive mode.

    Thank you. Any comments or suggestions you may care to make would be appreciated.


  • Banned

    Just tell your FTP server to use your WAN ip and the problem is gone.

    And remember to open passive FTP ports in the firewall so it can open connections to the FTP server.





  • Like to pursue the ftp-proxy within free BSD rather than rely upon my ISP holding the assigned IP constant when using the VSFTPD revised config approach.

    Does anyone have any suggestions on how to add and configure ftp-proxy in freeBSD to meet this objective? Also since the proxy inside pfSense has gone away (circa 2.2) will I be obliged to modify each succeeding pfSense upgrade due to freeBSD version chnages with time?





  • Thanks to Supermule and heper for the suggestions on vsftpd and pfsense. The changes suggested to vsftpd.conf and pfsense rules have worked well and I can access my server from outside the LAN. Since PASV route's to my IP address and not the LAN address for a local client,  I can not access the server from inside the LAN.

    Like to know the best ways to address this issue. Any comments would be appreciated.



  • Arguably the best solution is to retire FTP entirely and move to SFTP. The FileZilla client supports SFTP. I don't believe vsftpd supports SFTP (there are some sites claiming it does, but those I looked at are talking about FTPS - FTP over SSL, which is a different thing entirely). proftpd with mod_sftp installed does support SFTP.

    Don't forget SFTP defaults to using the SSH port, TCP port 22. If necessary, you can use an alternate TCP port of your choosing.


Log in to reply