Bug #3111
closed
Passive FTP does not pass through pfSense with debug.pfftpproxy=0 (default)
0%
Description
Since upgrade from 2.1-BETA to 2.1-RC0 7 Jun 2O13 snapshot, passive ftp from LAN to WAN function from time to time : a CLI connection show that, sometimes, a 'ls' command hangs when using PASV, while it pass correcly on others tries.
After investigation, it seems that the pfftpproxy does not always add all the connections states concerning the passive ftp connection, those not added are blocked by the default block firewall rule.
Bug also confirmed with last snapshot of today (2.1-RC0 (amd64)
built on Thu Jul 25 16:29:49 EDT 2013
FreeBSD pfsense1.ccfd-terresolidaire.org 8.3-RELEASE-p8 FreeBSD 8.3-RELEASE-p8 #1: Thu Jul 25 17:03:07 EDT 2013 root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 amd64)
Updated by Jonathan Raffre almost 12 years ago
As a test case, ftp.dd-wrt.com allow to exhibit the bug.
Updated by Jonathan Raffre almost 12 years ago
Confirming the problem with pfftpproxy, this appears only when removing the default allow LAN to any and replacing this with more specifics rules : I've been able to reproduce it on a clean install allowing only ports 21, 53, 80 and 443.
Leaving the default allow rule on LAN does not 'show' the problem.
Updated by Jonathan Raffre almost 12 years ago
Bug no longer exists on latest snapshots following the revert of all latest patches on FTP Proxy.
Updated by Chris Buechler almost 12 years ago
- Status changed from New to Resolved