Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
passive ftp clients behind the firewall
« previous
next »
Print
Pages: [
1
]
Author
Topic: passive ftp clients behind the firewall (Read 7505 times)
nj44451
Newbie
Posts: 15
Karma: 0
passive ftp clients behind the firewall
«
on:
March 02, 2018, 07:20:20 pm »
Just last night I upgraded to OPNsense 18.1.2_2-amd64 and since the upgrade none of the computers that have FTP clients running on them can access an FTP server outside the firewall.
I never added any special rules to the firewall up to this point to get them to work. But the upgrade from 7.7 to 8.1 change something related to the FTP.
Right now I had to move those machines over to an internet connection that is routed through my old firewall to get things working again. Anyone have any suggestion of something I can try to resolve the issue?
Thanks,
Trent
Logged
elektroinside
Hero Member
Posts: 574
Karma: 51
Re: passive ftp clients behind the firewall
«
Reply #1 on:
March 02, 2018, 08:16:42 pm »
Read the firewall logs while trying to access the FTP server. Do you see FTP server related connections blocked?
Logged
OPNsense v18
| HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member
nj44451
Newbie
Posts: 15
Karma: 0
Re: passive ftp clients behind the firewall
«
Reply #2 on:
March 03, 2018, 02:00:49 am »
i will take a look at the logs but what I don't understand is everything was working normal until I upgraded to 8.1.
I am thinking to either reinstall 8.1 from scratch like I have seen in some post or go back and stay at 7.5
Logged
monstermania
Hero Member
Posts: 524
Karma: 47
Re: passive ftp clients behind the firewall
«
Reply #3 on:
March 03, 2018, 10:08:59 am »
Maybe the FTP proxy plugin is missing after update!?
Logged
Ciprian
Sr. Member
Posts: 284
Karma: 50
Re: passive ftp clients behind the firewall
«
Reply #4 on:
March 05, 2018, 09:15:48 am »
Quote from: monstermania on March 03, 2018, 10:08:59 am
Maybe the FTP proxy plugin is missing after update!?
Happened to me too, it's a possibility.
Logged
franco
Administrator
Hero Member
Posts: 17675
Karma: 1613
Re: passive ftp clients behind the firewall
«
Reply #5 on:
March 05, 2018, 09:52:50 am »
Whoops, during a major upgrade?
Logged
Ciprian
Sr. Member
Posts: 284
Karma: 50
Re: passive ftp clients behind the firewall
«
Reply #6 on:
March 05, 2018, 10:29:41 am »
Quote from: franco on March 05, 2018, 09:52:50 am
Whoops, during a major upgrade?
I am not completely sure if it was during a major upgrade, I'd rather say not, but it happened a few months ago when ftp-proxy was moved from core to plugins. The update didn't check if ftp-proxy was installed before being a plugin, and didn't install it as a plugin during the update. If the major upgrade take place from an enough old (sub)version of OPNsense that is before the plugin being removed from core... I guess it might happen.
To me it happened because I have an FTP server on a different WAN/ LAN setup for some colleagues that insisted they need this
dinosaur
, and since it's on a different WAN, this means each and every connection is passing through 2 NAT GWs. I have setup ftp-proxy on both OPNsense machines so that it would be as easy as possible for clients to use whichever client they want, having whichever default connection type they have, active or passive. After the update I have started to get tickets stating FTP is down.
It wasn't, only that on the "away" OPNsense the plugin was missing, and the NAT rule pointed to OPNsense, not to the FTP server. Even if, it would have required clients to change from active to passive... etc. (The update wasn't simultaneous, not both OPNsense were upgraded at the same time, and when the other OPNsense was updated too, I knew where to check before any complaints).
Logged
franco
Administrator
Hero Member
Posts: 17675
Karma: 1613
Re: passive ftp clients behind the firewall
«
Reply #7 on:
March 05, 2018, 11:17:56 am »
os-ftp-proxy was never in core, so it can't be missing from that. Maybe as a config import / reinstall? That's when it doesn't come back automatically:
https://github.com/opnsense/core/issues/1663
Cheers,
Franco
Logged
Ciprian
Sr. Member
Posts: 284
Karma: 50
Re: passive ftp clients behind the firewall
«
Reply #8 on:
March 05, 2018, 12:54:10 pm »
Might be!... It's quite a while since, so I might don't remember exactly what happened.
Sorry if misleading!...
Logged
nj44451
Newbie
Posts: 15
Karma: 0
Re: passive ftp clients behind the firewall
«
Reply #9 on:
March 06, 2018, 04:07:06 am »
After a fresh install not from upgrade, lots of reading and looking at log files I found the issue with the clients connecting to an ftp server in passive mode outside my network.
Because of the Round robin or whatever you call it, since I have 2 virtual IP listed the program kept using different Public IP address for the various parts of the FTP connect and when I turned it off the FTP started making connection again. This same issue was causing issue in connection to certain Bank sites as their system detected the IP kept changing and blocked us out.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
passive ftp clients behind the firewall