PF + ftp-proxy problems

Hello:)
I have a problem with ftp-proxy.
The rules in pf are set as standard:

Code:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
pass out quick proto tcp from any to any port ftp keep state
When I try to connect to the server via FileZilla, I get this message:

Code:
Status: Connection established, waiting for welcome message ...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Logged in
Status: Retrieving directory listing ...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Error: Connection closed by server
Error: Failed to retrieve directory listing
And in my logs I have something like this:

Code:
Jun 9 10:55:27 RUTER ftp-proxy[1145]: #5 pf operation failed: Invalid argument
Jun 9 10:55:27 RUTER ftp-proxy[1145]: #6 pf operation failed: Invalid argument
I am asking for advice because I do not know where to look for the problem. Exactly the same configuration on the other router works fine. The system is FBSD 12.2-STABLE.
 
if you use passive ftp you don't need any proxies, nat helpers, etc
it just works like any other service (you still have 2 connections per session)
 
Clients need a proxy if you're using "active mode"
That's why I specifically said passive FTP clients. With active clients you're going to run into problems with your network modem/router, as most people are likely to have one on their home connection.
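
To illustrate the active/passive distinction discussed in the replies above, here is an added example (not written by any poster in this thread) that parses the address FTP embeds in a PORT command or a 227 reply and reports which side opens the data connection and whether the embedded address is an RFC 1918 one that a peer beyond NAT cannot reach unless a helper such as ftp-proxy rewrites it. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a peer on the far side of NAT cannot connect to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply to PASV (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (IPv4Address, port) embedded in a control-channel line, or None."""
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def data_channel(line):
    """Describe the data connection announced by one control-channel line."""
    words = line.split()
    verb = words[0].upper() if words else ""
    if verb == "PORT":      # active mode: client listens, server connects back
        mode, opener = "active", "server"
    elif verb == "227":     # passive mode: server listens, client connects
        mode, opener = "passive", "client"
    else:
        return None
    hostport = parse_hostport(line)
    if hostport is None:
        return None
    addr, port = hostport
    return {"mode": mode, "opener": opener, "addr": str(addr), "port": port,
            "private_addr": any(addr in net for net in RFC1918)}


if __name__ == "__main__":
    # Constructed sample lines, not taken from the thread's logs.
    for sample in ("PORT 192,168,1,20,195,80",
                   "227 Entering Passive Mode (203,0,113,10,156,64)",
                   "PWD"):
        print(sample, "->", data_channel(sample))
```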
 