Netgate Discussion Forum
    Software Changes between version 2.1 32 bit and version 2.2.3 64 bit

      rebuilder

      I have recently done a clean install of pfSense 2.2.3 64 bit on a PowerEdge R200 server. I have been a pfSense user for many years, having used version 2.1 32 bit. I had configured 2.1 for use with one WAN and multiple LANs.

      Rules used for one of the LANs allowed several specific remote IPs to connect with my VSFTPD file server residing on (192.168.1.8). This setup worked well and I was able to send files from remote IPs (ones that had specific rules on the pfSense 2.1 32 bit machine) to the local server inside my LAN at (192.168.1.8). I was also able to take files from the server accessing these from the remote IP.

      After the install of version 2.2.3 (64 bit running on PowerEdge R200) I was unable to upload files from the server. FileZilla on the remote IP is telling me at the end of the exchange used to log on to the server:

      “Command: PASV
      Response: 227 Entering Passive Mode (192.168.1.8.147.10)
      Status:      Server sent passive reply with unroutable address. Using server address instead
      Command: LIST
      Error:        Connection timed out
      Error:        Failed to receive directory listing”

      Throughout this process the version of VSFTPD remained the same. The machine it is running on is the same. I don't understand the cause of this issue.

      I would like to know what changes were made between version 2.1 and 2.2.3 that cause the change in pfSense program performance since VSFTPD remains the same for both pfSense installs.

      I understand that configuration changes could be made to VSFTPD to forward the server's real-world IP along with specific ports to use when entering passive mode.

      Thank you. Any comments or suggestions you may care to make would be appreciated.

        Supermule Banned

        Just tell your FTP server to use your WAN ip and the problem is gone.

        And remember to open passive FTP ports in the firewall so it can open connections to the FTP server.

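The two checks behind the posts above (the address in the 227 reply from the first post, and the passive ports opened in the firewall from the reply), as an added example that is not part of the original thread. The WAN address and the 50000-50100 port range are constructed placeholders, and `parse_pasv` and `diagnose` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed values, not from the thread: a documentation WAN address and a
# hypothetical passive port range forwarded by the firewall.
WAN_IP = "203.0.113.10"
PASV_MIN, PASV_MAX = 50000, 50100

# Address blocks a client on the Internet cannot reach.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

def parse_pasv(reply):
    """Return (address, port) from a 227 reply.

    RFC 959 separates the six numbers with commas; the log in the thread
    shows dots, so both separators are accepted.
    """
    m = re.search(r"\b227\b.*\((\d{1,3}(?:[.,]\d{1,3}){5})\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in re.split(r"[.,]", m.group(1))]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % reply)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def diagnose(reply, wan_ip=WAN_IP):
    """List reasons a client outside the NAT cannot open the data channel."""
    addr, port = parse_pasv(reply)
    problems = []
    if any(addr in net for net in UNROUTABLE):
        problems.append("advertised address %s is unroutable" % addr)
    elif addr != ipaddress.IPv4Address(wan_ip):
        problems.append("advertised address %s is not the WAN address" % addr)
    if not PASV_MIN <= port <= PASV_MAX:
        problems.append("data port %d is outside the forwarded range" % port)
    return problems

THREAD_REPLY = "Response: 227 Entering Passive Mode (192.168.1.8.147.10)"
FIXED_REPLY = "227 Entering Passive Mode (203,0,113,10,195,100)"  # constructed

if __name__ == "__main__":
    for reply in (THREAD_REPLY, FIXED_REPLY):
        print(parse_pasv(reply), diagnose(reply) or "ok")
```

The reply from the thread decodes to 192.168.1.8 port 37642 and fails both checks; the constructed reply advertises the WAN address with a port inside the forwarded range and passes.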
          heper

          https://doc.pfsense.org/index.php/Upgrade_Guide#FTP_Proxy

            rebuilder

            Like to pursue the ftp-proxy within FreeBSD rather than rely upon my ISP holding the assigned IP constant when using the VSFTPD revised config approach.

            Does anyone have any suggestions on how to add and configure ftp-proxy in FreeBSD to meet this objective? Also, since the proxy inside pfSense has gone away (circa 2.2), will I be obliged to modify each succeeding pfSense upgrade due to FreeBSD version changes with time?

              heper

              https://doc.pfsense.org/index.php/FTP_without_a_Proxy

                rebuilder

                Thanks to Supermule and heper for the suggestions on vsftpd and pfSense. The changes suggested to vsftpd.conf and pfSense rules have worked well and I can access my server from outside the LAN. Since PASV routes to my IP address and not the LAN address for a local client, I cannot access the server from inside the LAN.

                Like to know the best ways to address this issue. Any comments would be appreciated.

                  David_W

                  Arguably the best solution is to retire FTP entirely and move to SFTP. The FileZilla client supports SFTP. I don't believe vsftpd supports SFTP (there are some sites claiming it does, but those I looked at are talking about FTPS - FTP over SSL, which is a different thing entirely). proftpd with mod_sftp installed does support SFTP.

                  Don't forget SFTP defaults to using the SSH port, TCP port 22. If necessary, you can use an alternate TCP port of your choosing.
