FreeBSD and Midnight Commander

I've got a problem; let me draw the connection scheme:


Code:
Client (MC on FreeBSD 10.2 @ VirtualBox controlled by Windows)
|
Passive FTP connection
|
Server FreeBSD 10.2 with ProFTPD inside jail (pf as firewall)



Code:
pf: rdr pass on $extIf proto tcp from any to w.x.y.z port { 20, 21, 60000:65000 } -> 10.10.10.1

proftpd: PassivePorts 60000 65000


And the problem:

1. MC with the same configuration connects to other FTP servers.

2. The standard FTP client from the FreeBSD system connects to passive FTP at the w.x.y.z machine without any problem.

3. MC logged in (I have confirmation at the server), but for some time I see the message:
Code:
 ftpfs: Reading FTP directory ... (strict rfc959)(chdir first)
and after a while I got
Code:
Cannot chdir to ....

Any ideas how to solve this problem?
 
FTP is notoriously tricky to firewall. The "problem" is that FTP will create a data channel on some random port on the client (active) or server (passive). Both active and passive are going to be an issue when both the client and the server are firewalled (or even more problematic, behind NAT). You can have a go with ftp-proxy(8); it looks at the FTP commands and can open ports dynamically based on the PORT commands. I've never used it myself though; I tend to steer clear of FTP.

Alternatively, you may want to use SFTP. It's a subsystem of SSH. It works just like FTP except that it's tunneled through an SSH session. Not only does this improve security due to the encryption, it's also infinitely easier to firewall (you only need access to port 22). For Windows clients I can highly recommend WinSCP.
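
Whether a passive data channel gets through a setup like the one in this thread depends on the address and port the server advertises in its reply on the control connection. The following is an added example, not part of the original posts: a Python check that parses both the 227 (PASV) and 229 (EPSV) reply forms, which goes beyond the post, and compares them with the thread's `PassivePorts` range and redirect. `203.0.113.10` is a constructed stand-in for w.x.y.z, and the function names and sample replies are constructed.

```python
import ipaddress
import re

# Jail layout from the thread. EXTERNAL_IP is a constructed stand-in
# (documentation range) for the elided w.x.y.z address.
EXTERNAL_IP = ipaddress.ip_address("203.0.113.10")
PASSIVE_PORTS = range(60000, 65001)  # PassivePorts 60000 65000 / pf 60000:65000

PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line, control_peer=EXTERNAL_IP):
    """Return the (address, port) a client dials for the data channel.

    A 227 reply (PASV, RFC 959) carries an address chosen by the server.
    A 229 reply (EPSV, RFC 2428) carries only a port, so the client reuses
    the address of the control connection (control_peer).
    """
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range: %r" % line)
        return ipaddress.ip_address("%d.%d.%d.%d" % tuple(nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m and int(m.group(2)) <= 65535:
        return ipaddress.ip_address(str(control_peer)), int(m.group(2))
    raise ValueError("not a usable 227/229 reply: %r" % line)


def check_reply(line, control_peer=EXTERNAL_IP):
    """List reasons the advertised endpoint would miss the rdr rule."""
    host, port = parse_passive_reply(line, control_peer)
    problems = []
    if host != EXTERNAL_IP:
        problems.append("advertised address %s is not the external address" % host)
    if port not in PASSIVE_PORTS:
        problems.append("port %d is outside 60000-65000" % port)
    return problems


if __name__ == "__main__":
    # Constructed control-channel replies, not captured from the thread's server.
    for reply in ("227 Entering Passive Mode (203,0,113,10,234,100)",
                  "227 Entering Passive Mode (10,10,10,1,234,100)",
                  "229 Entering Extended Passive Mode (|||60004|)"):
        print(reply, "->", check_reply(reply) or "ok")
```

Feed it the 227 or 229 line taken from a client's debug output or from a capture of the control connection.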
 
SFTP works fine, but I need FTP too. I'm curious why the system "ftp" command works but FTP from MC does not; it simply hangs. Both are set to passive, and both are on the same machine as the client. What is the difference between these two?
 