Hi,
Is there a way for allowing passive ftp on pfsense?
I don't want to give permit all ports between 1024 - 65535
Cihan
On Fri, Jun 11, 2010 at 5:20 AM, Cihan Saglamoz
cihan.sagla...@gmail.com wrote:
Hi,
Is there a way for allowing passive ftp on pfsense?
Use the FTP helper.
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For
I used it. But problem still goes on.
on ftp helper I checked *Disable the userland FTP-Proxy application
is that true?
I'm not using nat. I have public ip's on LAN interface. I have routing on
isp's router. They routed my public ip blocks to my firewalls wan interface.
Do you have any
I used it. But problem still goes on.
on ftp helper I checked *Disable the userland FTP-Proxy application
is that true?
I'm not using nat. I have public ip's on LAN interface. I have routing on
isp's router. They routed my public ip blocks to my firewalls wan interface.
Do you have any
On Fri, Jun 11, 2010 at 12:48:43PM +0300, Cihan Saglamoz wrote:
I used it. But problem still goes on.
on ftp helper I checked *Disable the userland FTP-Proxy application
is that true?
I'm not using nat. I have public ip's on LAN interface. I have routing on
isp's router. They routed
Cihan Saglamoz wrote:
Hi,
Is there a way for allowing passive ftp on pfsense?
I don't want to give permit all ports between 1024 - 65535
Cihan
Your client behind pfSense wants to connect to public FTP-server
somewhere outside?
Or client from somewhere outside want to connect to FTP-server
Client from somewhere wants to connect to the ftp servers (more than 1)
behind the pfsense..
Cihan SAĞLAMÖZ
On Fri, Jun 11, 2010 at 4:25 PM, Evgeny Yurchenko evg.yu...@rogers.comwrote:
Cihan Saglamoz wrote:
Hi,
Is there a way for allowing passive ftp on pfsense?
I don't want to
Client from somewhere wants to connect to the ftp servers (more than 1)
behind the pfsense.
Cihan
On Fri, Jun 11, 2010 at 4:25 PM, Evgeny Yurchenko evg.yu...@rogers.comwrote:
Cihan Saglamoz wrote:
Hi,
Is there a way for allowing passive ftp on pfsense?
I don't want to give permit all
Cihan Saglamoz wrote:
Client from somewhere wants to connect to the ftp servers (more than
1) behind the pfsense..
Cihan SAĞLAMÖZ
On Fri, Jun 11, 2010 at 4:25 PM, Evgeny Yurchenko
evg.yu...@rogers.com mailto:evg.yu...@rogers.com wrote:
Cihan Saglamoz wrote:
Hi,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey, i have a problem with ftp.
In my work i have a two network:
1) users - router1 - router2 - internet
2) users - router2 - internet
First:
If i try to connect in a ftp server in a internet in the setup 1 the
users cannot do that if the server
Zhu Sha Zang wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey, i have a problem with ftp.
In my work i have a two network:
1) users - router1 - router2 - internet
2) users - router2 - internet
First:
If i try to connect in a ftp server in a internet in the setup 1 the
users cannot
It's my
understanding that FTP-proxy works only on the interface IP, not on virtual
IPs. Is that correct? If so, that's horribly limiting, especially on
the WAN. Is there no way to configure it for virtual IPs via a shell
command or something?
--Bennett
Am Donnerstag, den 20.07.2006, 11:10 -0500 schrieb Bennett:
It's my understanding that FTP-proxy works only on the interface IP,
not on virtual IPs. Is that correct? If so, that's horribly
limiting, especially on the WAN. Is there no way to configure it for
virtual IPs via a shell command
Well your 100% right, if the IP is set to PARP it will not work, I do have two
instances of pftpx though, one with just the private IP, and then one with
private and public, and all works well now, did have to reboot after setting
the VIP's to CARP and re-adding the firewall rule, but all works
On 6/7/06, Brad Bendy [EMAIL PROTECTED] wrote:
Well your 100% right, if the IP is set to PARP it will not work, I do have two
instances of pftpx though, one with just the private IP, and then one with
private and public, and all works well now, did have to reboot after setting
the VIP's to CARP
I will do this tonight, im not rebooting my primary FW during the day, but I
guess if I had CARP setup I could :) Thats next weeks project.
Will get you a full report tonight!
Thanks again for all the help
On Wednesday 07 June 2006 10:16, Scott Ullrich wrote:
On 6/7/06, Brad Bendy [EMAIL
Hello,
I show the pftpx process is running on my beta4 machine, yet it has my LAN IP
address. In the config.xml I have a disableftpproxy/ yet i have no other
instances of this in the config file anywhere. In the web interface I have it
disabled in the LAN, and enabled in the WAN. I made these
Re enable it for the LAN and WAN.
On 6/5/06, Brad Bendy [EMAIL PROTECTED] wrote:
Hello,
I show the pftpx process is running on my beta4 machine, yet it has my LAN IP
address. In the config.xml I have a disableftpproxy/ yet i have no other
instances of this in the config file anywhere. In the
I have a similar situation and have not been able to make this work. I have a
dual wan policy based setup. Wan interface is DHCP cable modem. OPT1 is DSL
with static IPs. I have tried setting up a port forward for ftp from
OPT1-LAN. This have failed several ways. What are the official
The bottom line is that it should work with the FTP helpers on. I
have invested damn near 80 hours in making FTP work in every situation
that I could. At this point I don't know what to do or say as it
works in every single install that I have access to. Really sorry
that I dont' have more
Support] passive FTP
I have a similar situation and have not been able to make
this work. I have a
dual wan policy based setup. Wan interface is DHCP cable
modem. OPT1 is DSL
with static IPs. I have tried setting up a port forward for ftp from
OPT1-LAN. This have failed several ways
FTP is just evil, I wish people would stop using it!!! Is a reboot required
when you make changes to the FTP helper? Anyway I can just force the
ftpproxy, mine is showing the LAN IP (but I havent rebooted yet).
Thanks
Brad
On Monday 05 June 2006 15:51, Scott Ullrich wrote:
The bottom line is
On 6/5/06, Brad Bendy [EMAIL PROTECTED] wrote:
FTP is just evil, I wish people would stop using it!!! Is a reboot required
when you make changes to the FTP helper? Anyway I can just force the
ftpproxy, mine is showing the LAN IP (but I havent rebooted yet).
It may just require a reboot. Give
Actually, upon looking at this again, the pftpx application is running with
arguments of -c 8021 and -g 8021 and then the LAN IP address. How does it
know what ports it supposed to use? Im using standard 21 and then 3-35000
for the data ports, im going to do some more in depth research on
On 6/6/06, Brad Bendy [EMAIL PROTECTED] wrote:
Right now FTP helper is on WAN and LAN, and the output of ps awux | grep pftpx
shows:
/usr/local/sbin/pftpx -c 8021 -g 8021 192.168.xxx.xxx
Not even 2 IP's at all.
Also, the IP above is LAN IP of the firewall not the server that FTP is
running on
Ive removed and re-added the FTP NAT entry. It did say it added a entry for
FTP helper, but all I see is a firewall rule that adds all port 21 for LAN
and WAN, and I dont see any deny's in the firewall log. Any reason I cant run
this command manually that you would be aware of?
Thanks again
On 6/6/06, Brad Bendy [EMAIL PROTECTED] wrote:
Ive removed and re-added the FTP NAT entry. It did say it added a entry for
FTP helper, but all I see is a firewall rule that adds all port 21 for LAN
and WAN, and I dont see any deny's in the firewall log. Any reason I cant run
this command
I think it wont let me setup the WAN address becuase that address is being
used by choparp, I have to set my WAN IP's to use proxy ARP because of a
strange reason with my carrier. Could that be causing this entire fiasco?
On Monday 05 June 2006 22:00, Scott Ullrich wrote:
On 6/6/06, Brad
I am using an ftp-server behind pfsense (beta4) with NAT.
I have problems with ftp-clients in passive mode witch are also behind a
firewall with NAT to browse the ftp-directory.
I know there were few discussions about this, but is
there a solution or workaround to get it working?
On Jun 1, 2006, at 13:37 , Bernhard Ledermann wrote:
I am using an ftp-server behind pfsense (beta4) with NAT. I have
problems with ftp-clients in passive mode witch are also behind a
firewall with NAT to browse the ftp-directory.
I know there were few discussions about this, but is there
Enable the FTP helper on Interfaces - WAN. Reboot.
On 6/1/06, Bernhard Ledermann [EMAIL PROTECTED] wrote:
I am using an ftp-server behind pfsense (beta4) with NAT. I have problems
with ftp-clients in passive mode witch are also behind a firewall with NAT
to browse the ftp-directory.
I
Scott Ullrich wrote:
Enable the FTP helper on Interfaces - WAN. Reboot.
Should the FTP helper then run and be bound to the WAN-interface?
I can see all the other FTP-helpers bound on most other interfaces, but
I can't see it being bound to the WAN.
(This on a late post-beta2-snapshot)
On 6/1/06, Rainer Duffner [EMAIL PROTECTED] wrote:
Should the FTP helper then run and be bound to the WAN-interface?
I can see all the other FTP-helpers bound on most other interfaces, but
I can't see it being bound to the WAN.
(This on a late post-beta2-snapshot)
Why are you asking about
OK so now on my 3rd attempt with fresh installs, it's still not working,
and again I have rules that are logging a pass, and I have no rules set
to log passes, only the default block. There's some bug here but damned
if I could say for sure whats triggering it.
On Sun, 2006-04-30 at 14:58
I just got back home and was taking a quick look at things before bed,
and for some reason I'm getting an error loading the rule set
exactly -f /tmp/rules.debug
/tmp/rules.debug:95: macro 'opt1' not defined
/tmp/rules.debug:95: syntax error
/tmp/rules.debug:96: macro 'opt1' not defined
cvs_synch.sh again and see if they go away.
On 4/30/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
I just got back home and was taking a quick look at things before bed,
and for some reason I'm getting an error loading the rule set
exactly -f /tmp/rules.debug
/tmp/rules.debug:95: macro
I reverted to a ruleset from yesterday; whatever is causing the issue i'm
having is really odd. i've taken my failover box and am going to rebuild
from scratch
On Sun, 30 Apr 2006, Scott Ullrich wrote:
cvs_synch.sh again and see if they go away.
On 4/30/06, Derrick MacPherson [EMAIL
Hmm. reaset rules set to default
Added on WAN:
rules to https to Outlook Web Access (OWA) box
rules for access to Nortel VPN device in the DMZ.
rule to route traffic from mail relay host in dmz to internal
rulle to allow ftp (21) to machine in DMZ
Added on OPT1 (DMZ):
Ports to allow
Do I need a permit on the WAN interface for passive ports?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Do I need a permit on the WAN interface for passive ports?
No, the FTP helper automatically installs rules.
Scott
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For
Scott Ullrich wrote:
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Do I need a permit on the WAN interface for passive ports?
No, the FTP helper automatically installs rules.
OK thats what I thought.. I'm seeing this being blocked:
WAN x.x.x.x:52336 10.0.0.10:54473
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Do I need a permit on the WAN interface for passive ports?
No, the FTP helper automatically installs rules.
OK thats what I thought.. I'm seeing this being
Scott Ullrich wrote:
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Do I need a permit on the WAN interface for passive ports?
No, the FTP helper automatically installs rules.
OK thats what I thought..
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
should the ftp helper be handling this block?
DMZ 10.0.0.10:20x.x.x.x:55628 TCP
Yes.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands,
ok i've now spun myself to a point of being confused..
can i get a brief discussion of what i need to get ftp working; what
changes to the lan and dmz do i need to make?
i've ben playing with this too much that i've lost where i'm going with this
All that is required is to allow the traffic on port TCP/21.
On 4/29/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
ok i've now spun myself to a point of being confused..
can i get a brief discussion of what i need to get ftp working; what
changes to the lan and dmz do i need to make?
i've
I just got back home and was taking a quick look at things before bed,
and for some reason I'm getting an error loading the rule set
exactly -f /tmp/rules.debug
/tmp/rules.debug:95: macro 'opt1' not defined
/tmp/rules.debug:95: syntax error
/tmp/rules.debug:96: macro 'opt1' not defined
Sorry... But I seem to be brain dead...
Co-location server (Downtown):
I have an FTP server behind a 1:1 NAT on the OPT1 interface and FTP Proxy
enabled only on OPT1 (disabled/checked on WAN).
Personal client (Home):
I have an FTP client behind a normal NAT on the LAN interface and FTP Proxy
Both pfSense boxes are using 4-08-2006 snapshot. I'll give the sync
command a try.
- Jason
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 3:21 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Passive FTP - sorry
This was fixed
It's still not coming up quite right I believe:
lan = { bge0 }
wan = { xl0 carp0 ng0 }
DMZ = { em0 }
SYNC = { em1 }
rdr on $lan proto tcp from any to any port 21 - 127.0.0.1 port 8021
rdr on $DMZ proto tcp from any to any port 21 - 127.0.0.1 port 8022
# enable ftp-proxy
pass in quick on em0
The pass rule for 8021 is further up. Why is this not correct?
On 3/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
It's still not coming up quite right I believe:
lan = { bge0 }
wan = { xl0 carp0 ng0 }
DMZ = { em0 }
SYNC = { em1 }
rdr on $lan proto tcp from any to any port 21 -
Sorry I guess I misread it, it all looks good now.
On Mon, 2006-03-27 at 17:01 -0500, Scott Ullrich wrote:
The pass rule for 8021 is further up. Why is this not correct?
On 3/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
It's still not coming up quite right I believe:
lan = {
It may look okay, but does it work? :)
On 3/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Sorry I guess I misread it, it all looks good now.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
If you are running on a full install, please issue:
cvs_sync.sh releng_1 /etc/rc.filter_configure
And see if the problem is fixed.
Thanks!
On 3/25/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Yep, that'll do it. I'll get that fixed up in a sec.
On 3/25/06, Derrick MacPherson [EMAIL
I don't have outbound passive FTP working for machines in the DMZ, what
the heck am I missing?
I see the default block rule is blocking it, what am I missing?
heres from the status log:
DMZ 10.1.1.150:61272X.X.X.X:50105 TCP
Maybe this will help?
http://faq.pfsense.com/index.php?action=artikelcat=10id=103artlang=enhighlight=ftp
On 3/25/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
I don't have outbound passive FTP working for machines in the DMZ, what
the heck am I missing?
I see the default block rule is
I don't think thats it, I have that rule on my LAN and the DMZ
interfaces, but it's not working. It now appears that as well inbound
FTP is not working at all.
more info in a bit, spam assassin has just died on me
On Sat, 2006-03-25 at 12:50 -0500, Scott Ullrich wrote:
Maybe this will help?
I fixed some FTP helper issues on inbound from WAN-LAN[DMZ], etc.
Try cvs_sync.sh releng_1 and see if it helps. Otherwise after bootup
you have to run /etc/rc.filter_configure a second time for it to
install the helper correctly.
On 3/25/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
I don't
I'm not sure if this helps, in the rules.debug I see:
# FTP Proxy/helper
rdr on $lan proto tcp from any to any port 21 - 127.0.0.1 port 8021
rdr on $DMZ proto tcp from any to any port 21 - 127.0.0.1 port 8022
and below that a little ways:
# enable ftp-proxy
pass in quick on em0 inet proto tcp
Yep, that'll do it. I'll get that fixed up in a sec.
On 3/25/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
I'm not sure if this helps, in the rules.debug I see:
# FTP Proxy/helper
rdr on $lan proto tcp from any to any port 21 - 127.0.0.1 port 8021
rdr on $DMZ proto tcp from any to any
I'm trying to set up the following:
/ - CARP
WAN int (PFSENSE BOX)- LAN
\- DMZ
I want to have nat on the LAN, bi-nat on the DMZ, filtering incoming and
outgoing traffic. I'm close, but I've had issues with trying to get this
all working; I can't get outbound PASV ftp from
Fixed in latest testing snapshot. Please update.
On 3/2/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
I'm trying to set up the following:
/ - CARP
WAN int (PFSENSE BOX)- LAN
\- DMZ
I want to have nat on the LAN, bi-nat on the DMZ, filtering incoming and
outgoing
Thanks Scott,
Should I be grabbing
http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-19-06/
for that?
Sorry I'm not quite if this is the latest or if there's some other
method to get it
On Thu, 2006-03-02 at 10:44 -0500, Scott Ullrich wrote:
Fixed in latest testing snapshot. Please
Yep, thats it.
On 3/2/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
Thanks Scott,
Should I be grabbing
http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-19-06/
for that?
Sorry I'm not quite if this is the latest or if there's some other
method to get it
On Thu, 2006-03-02 at
On Thu, 2006-03-02 at 12:12 -0500, Scott Ullrich wrote:
FTP is handled by rules behind the scene. The rules you are showing
us mean nothing to it.
Sorry this might be a bit ugly sending everything, but here goes:
scrub on xl0 all fragment reassemble
anchor ftpsesame/* all
anchor
On Thu, 2006-03-02 at 14:02 -0500, Scott Ullrich wrote:
Looks fine to me. Not really sure what is going on as FTP works fine here.
Like I said, works fine on the LAN interface, not the DMZ interface.
Perhaps there's something else in the pfsense config i'm missing.
do I have to set a 1:1 NAT
Shouldnt need to do any of this, no. I'll try to make some time to
bring up a box and test this but my next 4 days are going to be tough
to find extra time.
On 3/2/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
On Thu, 2006-03-02 at 14:02 -0500, Scott Ullrich wrote:
Looks fine to me. Not
currently:
x.x.x.89 is the WAN interface
x.x.x.68 is the IP binat'd to 10.1.1.150 in the DMZ
If I disable binat to the DMZ machine, outbound passive FTP will work,
but then the machine is not accessible via x.x.x.68
does that help?
On Thu, 2006-03-02 at 14:13 -0500, Scott Ullrich wrote:
Sounds like the bug we fixed after beta1, honestly...
On 3/2/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
currently:
x.x.x.89 is the WAN interface
x.x.x.68 is the IP binat'd to 10.1.1.150 in the DMZ
If I disable binat to the DMZ machine, outbound passive FTP will work,
but then the
On Mar 2, 2006, at 2:12 PM, Derrick MacPherson wrote:
Like I said, works fine on the LAN interface, not the DMZ interface.
Perhaps there's something else in the pfsense config i'm missing.
do I have to set a 1:1 NAT for the machines in my non-routable DMZ?
with snapshot 02-20-06 I have
The firmware autoupdate shows me running
1.0b2rc5
On Thu, 2006-03-02 at 14:24 -0500, Scott Ullrich wrote:
Sounds like the bug we fixed after beta1, honestly...
On 3/2/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
currently:
x.x.x.89 is the WAN interface
x.x.x.68 is the IP binat'd
Ignore auto update, its not working. You need to check the firmware
version on the main status page.
On 3/2/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
The firmware autoupdate shows me running
1.0b2rc5
On Thu, 2006-03-02 at 14:24 -0500, Scott Ullrich wrote:
Sounds like the bug we fixed
ya I knew that, sorry I wasn't sure where else that was listed, I keep
forgetting about the default page:
TESTING-SNAPSHOT-02-20-06
On Thu, 2006-03-02 at 14:29 -0500, Scott Ullrich wrote:
Ignore auto update, its not working. You need to check the firmware
version on the main status page.
So daily I use the term PEBKAC when referring to some of the silly
problems I tend to see people come to me with on a day to day basis.
Well this problem turns out is my own PEBKAC. There was an old entry for
a PROXY ARP that was causing the problem, all is good now.
Thanks Scott for your help,
What version?
On 10/24/05, jonathan gonzalez [EMAIL PROTECTED] wrote:
Hi group,
i keep on having trouble while access my ftp server on one of my lan's
from internet.
Active ftp works fine, but, even if we have discussed this in the past
and a ticket in the cvs were opened to solve somehow
Do you have a rule permitting traffic from the WAN interface to
127.0.0.1? If not, try this.
On 10/24/05, jonathan gonzalez [EMAIL PROTECTED] wrote:
Scott,
0.89.2
built on Sat Oct 22 22:16:29 UTC 2005
jonathan
Scott Ullrich wrote:
What version?
On 10/24/05, jonathan gonzalez
Scott,
i put a rule as you told me but this doesn't seems to work. The only way
to enable ftp (active) is de-activating the ftp-helper.
This is a snippet of the ftp window in my workstation:
SNIP
220-Local time is now 23:05. Server port: 21.
220-This is a private system - No anonymous login
24, 2005 4:18 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp (strike 2)
Scott,
i put a rule as you told me but this doesn't seems to work. The only way
to enable ftp (active) is de-activating the ftp-helper.
This is a snippet of the ftp window in my workstation:
SNIP
220
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: jonathan gonzalez [mailto:[EMAIL PROTECTED]
Sent: Monday, October 24, 2005 4:18 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp (strike 2)
Scott,
i put a rule
hi,
i would like to know how to enable passive ftp transfers thru pfsense
because opening 21/tcp and 20/tcp|20/udp seems not to be enough (what
about the dynamically open ports to allow such type of connection?)
TIA,
Rgds,
jonathan
Hi,
I've got passive ftp going, here's the relevant rules. I'm trying to get
active working and that is not.
Thanks.
Dave.
rules
ext_if = rl0
int_if = xl0
int_net=$int_if:network
tcp_state=flags S/SA modulate state
# translate lan client addresses to that of the external interface
nat on
Hi Dave [hi all],
when i said passive ftp i was thinking in allow passive ftp to work
from external clients to my server, which is hosted behind pfsense.
I understand that your comment only applies to internal to external
connections, isn't it?
TIA,
Rgds,
jonathan
On 10/10/05, Dave [EMAIL
As of 0.86.4 there should be a automatic ftp helper that is launched
for internet - lan ftp redirections. Make sure you're on the latest
version.
Scott
On 10/10/05, Jonathan Gonzalez [EMAIL PROTECTED] wrote:
Hi Dave [hi all],
when i said passive ftp i was thinking in allow passive ftp to
At 11:13 AM 10/10/2005, you wrote:
As of 0.86.4 there should be a automatic ftp helper that is launched
for internet - lan ftp redirections. Make sure you're on the latest
version.
Hmmm, I'm on 0.86.4 now, and it doesn't work for me. I went to an
external linux server and ftp'ed back in to
No route to host seems a little odd. Where did you start the ftp from
and where was it going to (lan - dmz)?
-Original Message-
From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 10:24 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp
10, 2005 10:24 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp
At 11:13 AM 10/10/2005, you wrote:
As of 0.86.4 there should be a automatic ftp helper that is launched
for internet - lan ftp redirections. Make sure you're on the latest
version.
Hmmm, I'm on 0.86.4 now
At 11:46 AM 10/10/2005, you wrote:
Oh sorry I didn't read this very well. I'm guessing the problem has to
do with the ftp proxy (pftpx) saying the data channel is on 10.0.0.2.
227 Entering Passive Mode (10,0,0,2,191,87) - 10,0,0,2
ah, yeah, i didn't notice that either. not enough coffee, i
Hi,
Yes, my comment was internal connections to external servers.
Dave.
- Original Message -
From: Jonathan Gonzalez [EMAIL PROTECTED]
To: support@pfsense.com
Sent: Monday, October 10, 2005 10:59 AM
Subject: Re: [pfSense Support] passive ftp
Hi Dave [hi all],
when i said passive ftp
At 12:44 PM 10/10/2005, you wrote:
This is what the man page says for the -f switch.
-f address
Fixed server address. The proxy will always connect to the
same
server, regardless of where the client wanted to connect to
(before it was redirected). Use
At 04:38 PM 10/10/2005, you wrote:
Well I'm not sure to tell you the truth. I wonder if binding it to the
inet facing ip would fix it. The only this is this would remove the need
for nat as you would have the proxy handle all the hand offs. :/
Try this. Kill pftpx (only the one with the -c 21
File a ticket on cvstrac and I will change the behavior to start the
ftp helper using:
/usr/local/sbin/pftpx -b $inet-address -c 21 -f 10.0.0.2 -g 21
Scott
On 10/10/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
At 04:38 PM 10/10/2005, you wrote:
Well I'm not sure to tell you the truth. I
At 05:04 PM 10/10/2005, you wrote:
File a ticket on cvstrac and I will change the behavior to start the
ftp helper using:
/usr/local/sbin/pftpx -b $inet-address -c 21 -f 10.0.0.2 -g 21
Roger. Thx!
-
To unsubscribe,
92 matches
Mail list logo