I had to use a passive port range (I chose 5000-5099) on the FTP server
software and then open a firewall rule for those ports to that server.  I
don't like it, but at least it works for me for now.  I see the FTP
helper/proxy correctly changing the PORT commands, but the firewall states
aren't allowing the connection through.
------------------------------------------------------------
Jason J Ellingson

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
[EMAIL PROTECTED]

-----Original Message-----
From: jonathan gonzalez [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 24, 2005 4:18 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp (strike 2)

Scott,

I put a rule in as you told me, but this doesn't seem to work. The only way 
to enable ftp (active) is de-activating the ftp-helper.

This is a snippet of the ftp window in my workstation:

<SNIP>
220-Local time is now 23:05. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.

[...]

ftp> ls
200 PORT command successful
150 Connecting to port 3378

[...]

ftp> passive
Passive mode on.
ftp> ls -l
227 Entering Passive Mode (192,168,1,11,237,181)
ftp: connect: No route to host
ftp>
ftp>
ftp> passive
Passive mode off.
ftp> ls -l
200 PORT command successful
150 Connecting to port 3380

[...]

226-Options: -l
226 4 matches total
</SNIP>


As you can see, active connections work but passive ones don't. The 
negotiated port within the connection is 60853 ((256*237) + 181). My ftp 
server (pure-ftpd) is allowing passive ports from 49000 to 65000 (49000 
being the first port that pfSense understands as available for passive 
transfers, as I saw in the internal code), so it shows that passive ftp is 
not yet working :(

Any ideas?
Hope this helps.
Regards,


jonathan




Scott Ullrich wrote:
> Do you have a rule permitting traffic from the WAN interface to
> 127.0.0.1?   If not, try this.
> 
> On 10/24/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote:
> 
>>Scott,
>>
>>0.89.2
>>built on Sat Oct 22 22:16:29 UTC 2005
>>
>>
>>jonathan
>>
>>
>>
>>Scott Ullrich wrote:
>>
>>>What version?
>>>
>>>On 10/24/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>>Hi group,
>>>>
>>>>I keep on having trouble accessing my ftp server on one of my LANs
>>>>from the internet.
>>>>
>>>>Active ftp works fine, but even though we have discussed this in the past
>>>>and a ticket was opened in the CVS to solve this issue somehow,
>>>>something still seems to be present around this theme.
>>>>
>>>>I tried, as I said, to ftp from the internet to my ftp server but I'm
>>>>unable to. If I disable ftp-helper it works in active mode but passive ftp
>>>>won't (of course there's no ftp-helper running).
>>>>
>>>>Also I think (I should test it more times) that the pftpx command does not
>>>>update the ip address in the '-b' flag (the public ip) when the wan
>>>>interface is dynamic, so in some cases the pftpx command is running in
>>>>the pfSense box with an ip address for the '-b' flag that is not the
>>>>one configured on the WAN interface.
>>>>
>>>>I think you should take this into consideration for future releases.
>>>>
>>>>I look forward to someone helping me by telling me whether anyone else is
>>>>seeing the same behaviour on their boxes.
>>>>
>>>>Thanks in advance.
>>>>
>>>>jonathan
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
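
The port arithmetic and range check from the message above, as an added example that is not part of the original thread: it decodes a 227 reply, compares the port with a permitted passive range, and flags a private address handed to an external client. The function names and the `client_is_external` flag are assumptions made for the illustration; the two ranges are the ones mentioned in the thread.

```python
import ipaddress
import re

# Six comma-separated numbers, as used by both the 227 reply and the PORT command.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) from 'h1,h2,h3,h4,p1,p2' in an FTP control line, or None."""
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = 256*p1 + p2


def check_pasv(line, port_range, client_is_external=True):
    """List reasons the data connection announced by a 227 reply may fail."""
    parsed = parse_hostport(line) if line.startswith("227") else None
    if parsed is None:
        return ["not a well-formed 227 reply"]
    ip, port = parsed
    lo, hi = port_range
    problems = []
    if not lo <= port <= hi:
        problems.append(f"port {port} outside permitted range {lo}-{hi}")
    if client_is_external and ip.is_private:
        problems.append(f"227 reply carries private address {ip}, "
                        "unreachable for an external client")
    return problems


# Sample input: the 227 line quoted in the thread.
REPLY = "227 Entering Passive Mode (192,168,1,11,237,181)"

if __name__ == "__main__":
    print(parse_hostport(REPLY))
    for rng in [(49000, 65000), (5000, 5099)]:
        print(rng, check_pasv(REPLY, rng))
```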



