Hi, need some help.
Have a client who needs to connect out to an FTP server. Since swapping from WatchGuard to pfSense, it's stopped working. They get the below error.
I tried the same commands from other non-pfSense firewalls and it works fine. I tried from multiple pfSense firewalls and it's blocked. All rules say LAN - WAN allow all, so I don't know why it's not working.
It looks like the FTP server is not happy accepting local connections, or it is seeing the connection as local, hence the 192.168.0.56 address. The FTP server looks to be expecting an internet or publicly routable address, not an internal one.
Yes,
but it works from SonicWall, DrayTek and Junipers I tested without making any firewall changes. That's what I don't understand. Willing to pay to get this resolved.
FTP should not be used on the internet here in 2019. But it does often require more than just port 21 as there can be a second port open for the data. https://en.wikipedia.org/wiki/File_Transfer_Protocol
https://docs.netgate.com/pfsense/en/latest/troubleshooting/ftp-troubleshooting.html
Just as Tom said, if you really need to use FTP - look at something else like SFTP or even SCP. FTP is insecure.
Hi, I think there is some confusion. I am not hosting the FTP server. The 3rd party requires us to connect to their FTP server and pull some data down. So pfSense somewhere is altering the data that’s getting sent out. So the receiving FTP server is only seeing our LAN IP and not public IP.
As you know, getting a 3rd party to change their program will be difficult. I don’t understand why it works fine on every other firewall without making any modifications.
Thanks
OK, managed to fix this by installing FTP Proxy Plugin and selecting below.
It mentions some firewall rules being created, but I don't see anything.
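The symptom discussed above, the remote server seeing 192.168.0.56 instead of a public address, is what an active-mode client produces when it announces its own LAN address on the FTP control channel and the NAT device passes that text through unchanged. As an added example (not code from any poster in this thread), the Python below scans a captured control-channel transcript for `PORT`, `EPRT` and `227` lines that name an address the other side cannot route to. The function names and the transcript are constructed for illustration, and it assumes the client was in active mode.

```python
import ipaddress
import re

# Ranges a server across the internet cannot connect back to (RFC 1918, CGNAT,
# loopback, link-local, IPv6 ULA/link-local).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# RFC 959: PORT and the 227 reply carry h1,h2,h3,h4,p1,p2
TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428: EPRT <d>proto<d>address<d>port<d>, delimiter chosen by the sender
EPRT = re.compile(r"^EPRT\s+(.)([12])\1(.+?)\1(\d{1,5})\1\s*$", re.I)


def data_endpoint(line):
    """Return (kind, ip, port) if the line announces a data endpoint, else None."""
    line = line.strip()
    try:
        m = EPRT.match(line)
        if m:
            return ("EPRT", ipaddress.ip_address(m.group(3)), int(m.group(4)))
        is_port = line[:5].upper() == "PORT "
        if is_port or line.startswith("227"):
            m = TUPLE.search(line)
            if m:
                f = [int(g) for g in m.groups()]
                ip = ipaddress.ip_address(".".join(map(str, f[:4])))
                if f[4] <= 255 and f[5] <= 255:
                    return ("PORT" if is_port else "PASV-reply", ip, f[4] * 256 + f[5])
    except ValueError:  # octet above 255 or malformed EPRT address
        pass
    return None


def nat_problems(lines):
    """List (line_no, kind, ip, port) where the announced address is unroutable."""
    out = []
    for n, line in enumerate(lines, 1):
        ep = data_endpoint(line)
        if ep and any(ep[1] in net for net in UNROUTABLE):
            out.append((n, ep[0], str(ep[1]), ep[2]))
    return out


# Constructed transcript; only the address 192.168.0.56 comes from the thread.
SAMPLE = ["USER clientuser", "331 Password required", "PORT 192,168,0,56,195,80",
          "EPRT |1|203.0.113.10|50000|", "227 Entering Passive Mode (10,1,2,3,234,96)"]
if __name__ == "__main__":
    for hit in nat_problems(SAMPLE):
        print("line %d: %s announces %s:%d" % hit)
```

A flagged `PORT` or `EPRT` line means the client side needs a helper that rewrites the address (or passive mode); a flagged `227` line means the same problem exists on the server side of a NAT.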
Always learning here and I too am now having troubles running a connection to / from my FTP server through pfSense. FileZilla is getting blocked somehow since I switched over to pfSense and I’ve actually tried a lot of different things.
I understand FTP is old school and not secure, so I rarely run it, but I have an old school parent who likes to trade files with me over FTP on occasion, so I like to turn it on now and then for a brief moment at my home where I’m running an FTP server on a similar old school Netgear ReadyNAS. That server allows me to call out both the FTP control port as well as a range of ports for data xfer. I have port forwarded both in pfSense, but cannot get a connection to work. I’ve tried utilizing the FTP Client Proxy as well, but still no luck.
My questions are: 1) is there an additional ‘outbound’ NAT rule that needs to be made which would allow the data from my ReadyNAS’s FTP server out the door? and 2) could any PC firewall, also running on the LAN, somehow be interfering? In theory, none of this traffic should be going through or near my PC.
I guess a last question would be can anyone recommend either an individual or a service that I could pay to help me resolve this while at the same time furthering my pfSense understanding? I have a few other home/office based issues that I’d look to learn best practices on to help add to someone’s time if that helps.
Thanks.
Hi, I just wanted to provide an update now that I’ve resolved this issue. Well, what can I say, oldschool is oldschool, and the FTP server that I was attempting to connect to was running TLS 1.0 but the newest FileZilla FTP Client defaults to TLS 1.2, so it was getting through the pfSense firewall only to have the TLS mismatch cause the server to shut down the connection. Fortunately, in the FileZilla FTP Client settings (general settings), there is an option to select the oldschool TLS version 1.0, which I did, and voila! Success! Anyway, I know it’s not secure at all, but again, only to run for fairly short moments in time when my oldschool parent wants to grab a file or two from me. Thanks all.