Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to transfert data in FTP Active mode from a FTP server behind pfsense

    Scheduled Pinned Locked Moved Firewalling
    3 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      raphaelk
      last edited by

      Hi guys,
      I'm really confused with what occurs on my setting : I don t understand why the FTP active mode doesn t work with my pfsense box.
      First my config :

      Client connect to 21 port on our public IP and it is natted to the 21 port of our internal FTP server (Filezilla FTP server).

      Then the behaviour :

      In passive mode, the FTP server is setup to use a range of high TCP port. These ports are opened and forwarded to the FTP server. This work properly, as expected. Client can get and put files.

      In active mode, the client can authenticate, and send the IP/destination port the server has to connect to establish the data channel. At this moment, the FTP server logs "unable to open data port".
      At the beginning, we blamed the Client nat settings. But the same client can make some active FTP transfert with some other FTP server.

      I checked the outgoing rules from the LAN interface, but there is nothing but just one rule that allow everything to go through. The bad stuff is in the log of the pfsense doesn t really help.

      I just can t understand why the active FTP is failing.

      Many thanks for your precious help on this topic !

      /R

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Congratulations for starting 999th duplicate of the same topic. Missed the jackpot just by one…

        https://doc.pfsense.org/index.php/FTP_without_a_Proxy
        http://www.slacksite.com/other/ftp.html
        https://forum.pfsense.org/index.php?action=search

        1 Reply Last reply Reply Quote 0
        • R
          raphaelk
          last edited by

          Damned ! So close !
          I've made some research first before posting this topic. The ftp_without_a_proxy link said :

          A server behind pfSense would work fine with active mode, there would be no difference here. In active mode the server would make outbound connections back to the client, so as long as the firewall rules on the interface containing the server allow outbound connections, it will work.

          As I have the default outbound rule, I just dont understand why the outgoing FTP server connection seems to fail.

          Anyway, I will try harder !

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.