You just need to open the packet capture up. Which sure it could be.īut your going to want to sniff both lan and wan side on pfsense to validate the ftp package is changing the IP of the client for the active to work. Sniff on the client other than for trying to figure out why its not resolving is going to be pretty useless, unless its local firewall blocking the return traffic on active. On the lan side sniff for the dest IP so you can see all traffic going there, then on the wan side of pfsense sniff on the dest IP. Well sniff it on pfsense, diagnostic packet capture. So you could have some random said in ftp client passive mode: So the ftp active proxy would have to change that for you and open the ftp port. The client told the server to connect to 192.168.9.100 port 23*256+121, but for starters the server couldn't connect to my local IP. Now when you connect via active mode the client will tell the server what port to connect too. Here connecting to your server in 2 different modes. Who makes the connection when in active or passive for the data connection. Understanding how the ftp protocol works is step one in trying to troubleshoot it. this would be the port your trying to connect to in passive mode. This default is any any lan rule, so all outbound traffic to the internet from lan is allowed. Unless your limiting what ports a client can talk outbound to the internet there should be no issues. There is zero to do with pfsense to connect to a ftp server on the internet in passive mode. ![]() That proxy is only need when you want to connect to internet ftp server via active mode.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |