Strange FTP Behavior.
-
I have two vsftpd servers running locally with ftps (SSL) enabled, both servers have listening port 21.
I have port forwarded the ports in pfsense firewall.
Server 1 = port 21 to port 21 on 192.168.1.2
Server 2 = port 2121 to port 21 on 192.168.1.3
Login from outside is working great to server 2 on port 2121, but server 1 on port 21 is stopping up and I got an error, please see attached screenshot.
It must be something with pfsense, because if I change from 21 to 990 in the firewall, for example, then it works... strange?
Pfsense handles something different with port 21 than other random ports?
If something is not clear please ask, thank you for your time!
-
Sure looks like 21 is just not getting to pfsense.. Blocking of port 21 would be a common isp thing for sure.. Validate traffic is getting to pfsense from the outside on 21, it can not forward what it does not see.
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Port 21 without encryption is working, so it is only now when I try to use ftps.
So pfsense doesn't do anything different?
I have used 21 with ftps earlier with the same ISP.
-
What version of pfsense are you using? If OLDER version then it had the ftp helper/proxy – but that was removed many versions ago.
-
Okay, I have 2.1.5-RELEASE.
-
Why do people run such old versions… I just don't get it... Yes that version had an ftp proxy/helper that will modify stuff in the stream to allow users to use passive/active connections depending on direction.. But when using ftps or ftpes where pfsense can not see the data in the control channel you're going to have to do the port forwarding on your own.
So are you running passive or active connection from outside?
You want a simple solution that is SECURE.. switch to sftp... Why anyone still plays around with ftp be it using ssl or not just blows my mind.. With sftp your data and control are over only 1 port, there is not this split control and data ports and none of the direction issue on who connects to who on the data port.. Just whatever port you want to use or just the standard ssh port of 22.
If you want my advice I would say drop this antiquated/deprecated hold on ftp and just move to sftp..
-
Probably an old tradition :) As I see it, it is safe to use, but running data transfer over ssl port 22 has some limitation on speed; when I'm testing I can see it is slower… Anyway, I want to use FTPS for now :)
I tried to upgrade pfsense to latest version, same issue.....
It has to be something with port 21 and pfsense as I see it.
-
Dude are u using active or passive? I can tell u this takes all of 15 seconds to set up. Have u gone over the port forwarding troubleshooting guide? I am on phone or would link. Pfsense does nothing with port 21, especially when it's encrypted and can not even tell it's ftp
-
Passive.
Yes, I have tried a guide I found for fault-finding on the internet…
The funny thing is, when I change to a random port from 21 on pfsense, for example WAN 850 to 21 on 192.168.1.2, it's working... hehe so this only happens with 21 on WAN IP... so if you say that pfsense doesn't do anything.. it has to be my ISP.
-
In passive connection the server says come talk to me on port x
http://slacksite.com/other/ftp.html
So u have to forward those ports
But from what u were showing it's not even making a control connection