PF + ftp-proxy problems

manveeru

Hello:)
I have a problem with ftp-proxy.
The rules in pf are set as standard:

Code:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
pass out quick proto tcp from any to any port ftp keep state

When I try to connect to the server via FileZilla, I get this message:

Code:
Status: Connection established, waiting for welcome message ...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Logged in
Status: Retrieving directory listing ...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Error: Connection closed by server
Error: Failed to retrieve directory listing

And in my logs I have something like this:

Code:
Jun 9 10:55:27 RUTER ftp-proxy[1145]: #5 pf operation failed: Invalid argument
Jun 9 10:55:27 RUTER ftp-proxy[1145]: #6 pf operation failed: Invalid argument

I am asking for advice because I do not know where to look for the problem. Exactly the same configuration on the other router works fine. The system is FBSD 12.2-STABLE.
 

covacat

if you use passive ftp you don't need any proxies, nat helpers, etc
it just works like any other service (you still have 2 connections per session)
 
manveeru

damn... you are right. I thought if you are always behind NAT, you must use ftp-proxy ... thank you :)
 

SirDice

Clients need a proxy if you're using "active mode".
That's why I specifically said passive FTP clients. With active clients you're going to run into problems with your network modem/router, as most people are likely to have one on their home connection.
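
The passive/active distinction made in the replies above, as an added example that is not part of the thread: it parses the data-channel endpoint from an FTP `PORT` command or `227` reply and reports who opens the data connection. The control-channel lines are constructed samples, the function names are hypothetical, and it assumes the client sits behind the pf NAT while the server is publicly reachable.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"       # client tells the server where to connect back
    elif line.startswith("227"):
        mode = "passive"      # server tells the client where to connect
    else:
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None           # malformed host/port field
    ip = ".".join(str(n) for n in nums[:4])
    return mode, ip, nums[4] * 256 + nums[5]

def assess_for_natted_client(line):
    """Say whether a client behind NAT needs a helper such as ftp-proxy."""
    parsed = parse_data_endpoint(line)
    if parsed is None:
        return None
    mode, ip, port = parsed
    inbound = mode == "active"  # active: the server dials in to the client
    return {
        "mode": mode,
        "endpoint": (ip, port),
        "inbound_to_client": inbound,
        # Inbound data connections have no NAT state to match, so they need
        # a proxy or redirect; outbound (passive) ones are ordinary NAT flows.
        "needs_helper": inbound,
        "advertised_private": ipaddress.ip_address(ip).is_private,
    }

if __name__ == "__main__":
    # Constructed control-channel lines, not captured traffic.
    for sample in ("PORT 192,168,1,20,195,80",
                   "227 Entering Passive Mode (203,0,113,10,156,64)"):
        print(sample, "->", assess_for_natted_client(sample))
```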
 