Jason,

What you say is interesting; I mean, weighing up between opening ports or using active connections... hmm... I'll think about it!

Thanks!

jonathan



Jason J. Ellingson wrote:
I had to use a passive port range (I chose 5000-5099) on the FTP server
software and then open a firewall rule for those ports to that server.  I
don't like it, but at least it works for me for now.  I see the FTP
helper/proxy correctly changing the PORT commands, but the firewall states
aren't allowing the connection through.
------------------------------------------------------------
Jason J Ellingson

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
[EMAIL PROTECTED]

-----Original Message-----
From: jonathan gonzalez [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 24, 2005 4:18 PM
To: [email protected]
Subject: Re: [pfSense Support] passive ftp (strike 2)

Scott,

I put in a rule as you told me, but this doesn't seem to work. The only way to enable FTP (active) is by deactivating the ftp-helper.

This is a snippet of the ftp window in my workstation:

<SNIP>
220-Local time is now 23:05. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.

[...]

ftp> ls
200 PORT command successful
150 Connecting to port 3378

[...]

ftp> passive
Passive mode on.
ftp> ls -l
227 Entering Passive Mode (192,168,1,11,237,181)
ftp: connect: No route to host
ftp>
ftp>
ftp> passive
Passive mode off.
ftp> ls -l
200 PORT command successful
150 Connecting to port 3380

[...]

226-Options: -l
226 4 matches total
</SNIP>


As you can see, active connections work but passive ones don't. The negotiated port within the connection is 60853 ((256*237) + 181). My FTP server (pure-ftpd) is allowing passive ports from 49000 to 65000 (49000 is the first port that pfSense understands as available for passive transfers, as I saw in the internal code), so it shows that passive FTP is not yet working :(

Any ideas?
Hope this helps.
Regards,


jonathan




Scott Ullrich wrote:

Do you have a rule permitting traffic from the WAN interface to
127.0.0.1?   If not, try this.

On 10/24/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote:


Scott,

0.89.2
built on Sat Oct 22 22:16:29 UTC 2005


jonathan



Scott Ullrich wrote:


What version?

On 10/24/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote:



Hi group,

I keep on having trouble while accessing my FTP server on one of my LANs
from the Internet.

Active FTP works fine, but, even though we have discussed this in the past
and a ticket in the CVS was opened to solve this issue somehow,
something still seems to be present around this theme.

I tried, as I said, to FTP from the Internet to my FTP server but I'm
unable. If I disable ftp-helper it works in active mode but passive FTP
won't (of course there's no ftp-helper running).

Also I think (I should test it more times) that the pftpx command does not
update the IP address in the '-b' flag (the public IP) when the WAN
interface is dynamic, so in some cases the pftpx command is running in
the pfSense box with an IP address for the '-b' flag that is not the one
configured in the WAN interface.

I think you should take this into consideration for future releases.

I look forward to someone helping me by telling me if someone else is seeing
the same behaviour in their boxes.

Thanks in advance.

jonathan






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
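
Added example (not part of the original thread and not pfSense code): a Python check that decodes the 227 reply quoted in the session above, reproducing the 60853 port calculation, and reports why a client outside the LAN cannot open the data connection. The function names are hypothetical; the 49000-65000 passive range is the one stated in the thread.

```python
import ipaddress
import re

# 227 reply copied from the FTP session quoted in the thread.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,11,237,181)"

# Passive port range the poster says pure-ftpd is configured with.
PASSIVE_RANGE = (49000, 65000)

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                      r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    ip = ipaddress.IPv4Address("%d.%d.%d.%d" % (h1, h2, h3, h4))
    return ip, p1 * 256 + p2  # port = high byte * 256 + low byte


def diagnose(reply, passive_range=PASSIVE_RANGE):
    """Return (ip, port, findings) for a 227 reply seen by a remote client."""
    ip, port = parse_pasv(reply)
    findings = []
    if not ip.is_global:
        findings.append("advertised address %s is not publicly routable, so a "
                        "client outside the LAN cannot connect to it" % ip)
    lo, hi = passive_range
    if not lo <= port <= hi:
        findings.append("port %d is outside the passive range %d-%d"
                        % (port, lo, hi))
    return ip, port, findings


if __name__ == "__main__":
    ip, port, findings = diagnose(PASV_REPLY)
    print("data connection target: %s:%d" % (ip, port))
    for finding in findings:
        print("problem:", finding)
```
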



