
Author Topic: ftp issues  (Read 3476 times)


Offline xibalba

ftp issues
« on: October 12, 2006, 11:28:40 am »
Hello, I have a couple servers in a data center sitting behind a pfSense machine on their own private network. When I try to access ftp sites to download tarball packages for my FreeBSD machine, I receive the following on almost every ftp site.

fetch: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-6.7.tar.bz2: Operation timed out
=> Attempting to fetch from ftp://ftp.fu-berlin.de/unix/misc/pcre/.
fetch: ftp://ftp.fu-berlin.de/unix/misc/pcre/pcre-6.7.tar.bz2: Operation timed out
=> Attempting to fetch from ftp://ftp.tin.org/pub/libs/pcre/.

Now when I try the above ftp sites from my home computer, it works just fine. Also the Windows 2003 machine at the data center behind the pfSense router has the same issue. Any suggestions? Ftp proxy is turned on.

Here is some info I hope helps.

# pfctl -s rules|grep ftp
anchor "ftpsesame/*" all
anchor "ftpproxy" all
anchor "pftpx/*" all
pass in quick on rl0 inet proto tcp from any to 127.0.0.1 port = ftp-proxy keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on rl0 inet proto tcp from any to 127.0.0.1 port = ftp keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on vr0 inet proto tcp from any port = ftp-data to (vr0) port > 49000 user = 62 flags S/SA keep state label "FTP PROXY: PASV mode data connection"

# sockstat |grep ftp
proxy    pftpx      431   3  tcp4   127.0.0.1:8021        *:*
proxy    pftpx      431   10 dgram  (not connected)
proxy    pftpx      431   12 tcp4   127.0.0.1:8021        192.168.0.12:63264
proxy    pftpx      431   13 tcp4   66.11.117.176:52312   62.243.72.50:21

192.168.0.12 is freebsd

Offline rsw686

Re: ftp issues
« Reply #1 on: October 12, 2006, 12:40:11 pm »
Is the FTP proxy turned on, on the LAN interface? Make sure the box that reads disable ftp userland proxy is not checked. If I read what you're saying correctly, you can't access external FTP sites from behind the pfSense box.

Offline xibalba

Re: ftp issues
« Reply #2 on: October 12, 2006, 12:49:24 pm »
The FTP proxy is enabled on the LAN interface and WAN interface. I can ftp into these sites without a hitch; however, to get a directory listing or to be able to download a file I must switch ftp into active mode. In passive mode it will just time out.

Offline rsw686

Re: ftp issues
« Reply #3 on: October 12, 2006, 01:19:26 pm »
What version of pfSense? Also, instead of fetch, try just ftp sitename and then go through the commands manually to grab the file. When in passive mode you will see output like

227 Entering Passive Mode (68,100,53,135,235,158)
150 Here comes the directory listing.
public_html
226 Directory send OK.

The numbers in parentheses are the IP address and I assume port numbers. When I originally had problems with ftp access from outside to a server behind pfSense, this was showing my private IP. When I switched to RC3 I had no more problems.

Offline xibalba

Re: ftp issues
« Reply #4 on: October 12, 2006, 01:26:26 pm »
using RC3

bash-2.05b# ftp ftp.csx.cam.ac.uk
Connected to zircon.csx.cam.ac.uk.
220 ProFTPD 1.2.10rc1 Server (University Computing Service ftp server) [zircon.csx.cam.ac.uk]
Name (ftp.csx.cam.ac.uk:reza): anonymous
331 Anonymous login ok, send your complete email address as your password.
Password:
230-      UNIVERSITY OF CAMBRIDGE ANONYMOUS FTP SERVER

 ......
 ......
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub/software/programming/pcre
250 CWD command successful
ftp> ls
229 Entering Extended Passive Mode (|||52473|)
^C
receive aborted. Waiting for remote to finish abort.
ftp> passive
Passive mode: off; fallback to active mode: off.
ftp> ls
200 EPRT command successful
150 Opening ASCII mode data connection for file list
drwxr-xr-x   2 ph10     ftpstaff     4096 Sep 20 09:09 Contrib
-rw-r--r--   1 ph10     ph10         2201 Dec 11  2003 Public-Key
drwxr-xr-x   2 ph10     ftpstaff     4096 Oct  5 15:07 Testing
-rw-r--r--   1 ph10     ftpstaff   261609 Jan  2  2002 pcre-3.9.tar.bz2
......
......
-rw-r--r--   1 ph10     ph10          280 Jul  5 11:28 pcre-6.7.tar.gz.sig
226 Transfer complete.
ftp>
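
Added example, not part of any post in this thread: a small Python parser for the 227 and 229 replies shown above. It computes the data-channel endpoint the client will connect to and flags a 227 reply that advertises an RFC 1918 address, the symptom described in Reply #3. The function names and the control-peer address 203.0.113.5 are assumptions made for illustration, and the second sample reply is constructed.

```python
import ipaddress
import re

# 227 carries h1,h2,h3,h4,p1,p2; 229 (RFC 2428) carries only a port.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_data_endpoint(reply, control_peer):
    """Return (host, port) for the passive data connection.

    control_peer is the address the control connection went to; EPSV
    replies reuse it because they contain no address of their own.
    """
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            raise ValueError("octet out of range in 227 reply")
        host = ".".join(str(o) for o in octets[:4])
        return host, octets[4] * 256 + octets[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        return control_peer, port
    raise ValueError("not a 227/229 reply")


def diagnose(reply, control_peer):
    """Return (host, port, notes); notes lists NAT-related warnings."""
    host, port = parse_data_endpoint(reply, control_peer)
    notes = []
    addr = ipaddress.ip_address(host)
    if any(addr in net for net in RFC1918):
        notes.append("reply advertises an RFC 1918 address; a NAT device did not rewrite it")
    if host != control_peer:
        notes.append("data address differs from the control-connection peer")
    return host, port, notes


if __name__ == "__main__":
    # First reply is from Reply #3, third from Reply #4; the second is constructed.
    for line in ("227 Entering Passive Mode (68,100,53,135,235,158)",
                 "227 Entering Passive Mode (192,168,0,12,204,248)",
                 "229 Entering Extended Passive Mode (|||52473|)"):
        print(line, "->", diagnose(line, "203.0.113.5"))
```
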

Offline sullrich

Re: ftp issues
« Reply #5 on: October 12, 2006, 01:59:52 pm »
Upgrade to 1.0-RC3e

Offline srs

Re: ftp issues
« Reply #6 on: August 06, 2007, 07:41:15 pm »
I'm using 1.2rc1 and still having these ftp issues; I simply can't read any ftp directory from my LAN. Any idea?

Offline hoba

Re: ftp issues
« Reply #7 on: August 09, 2007, 01:51:40 pm »

Offline srs

Re: ftp issues
« Reply #8 on: August 15, 2007, 05:35:56 pm »
3. Switch to an alternative firewalling system

:(
 ???

I would not like to do that;

and that wiki page's suggestions didn't work for me...

Offline sullrich

Re: ftp issues
« Reply #9 on: August 15, 2007, 06:17:46 pm »
Turn off the ftp helper at interfaces -> LAN.

Offline srs

Re: ftp issues
« Reply #10 on: August 16, 2007, 04:41:44 pm »
it worked

 ;D ;D :D :D