I’m learning IPFire and I have a problem with the firewall rules.
Let me explain: I want to connect to my FTP server, which is in passive mode. My custom port range is 40000-45000. My FileZilla client is set to passive mode.
This is what I get when I try to connect to my FTP server:
Statut : Connexion à 192.168.0.42:21...
Statut : Connexion établie, attente du message d'accueil...
Statut : Initialisation de TLS...
Statut : Vérification du certificat...
Statut : Connexion TLS établie.
Statut : Connecté
Statut : Récupération du contenu du dossier...
Commande : PWD
Réponse : 257 "/" is current directory.
Commande : TYPE I
Réponse : 200 Type set to I
Commande : PASV
Réponse : 227 Entering Passive Mode (192,168,2,5,163,205)
Commande : MLSD
Réponse : 150 About to start data transfer.
Erreur : Connexion interrompue : ECONNABORTED - Connexion annulée
Réponse : 425 Unable to build data connection: EINVAL - Invalid argument passed
Erreur : Impossible de récupérer le contenu du dossier
It works on the FTP server (192.168.2.5) with the localhost login. It doesn’t work on my personal computer (192.168.0.41) with the 192.168.0.42 login.
My RED IP is 192.168.0.42. My GREEN IP is 192.168.2.2.
What happens if you change the source from tout to 192.168.0.42 or red? Also, what happens if you connect to the FTP server (192.168.2.5) from a client also in the green network (e.g. 192.168.2.6)?
Also, is masquerading allowed in the green network (/Firewall/Firewall Options)?
Second, please post in English only (including error messages or program output, if possible). My French is - uh - virtually non-existent.
Regarding passive FTP: This would require ALG support for dynamically forwarding connections to your client behind IPFire, which are normally not permitted. Due to the NAT Slipstreaming vulnerability, we unfortunately had to drop ALGs completely earlier this year, which is why passive FTP does not work anymore.
Please try to use SFTP or another FTP operating mode, if possible.
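The 227 reply in the log at the top of the thread can be decoded to see which data endpoint the client is being told to use. The following is an added example, not part of any post in this thread; the function names are hypothetical, and the inputs are the reply, RED address and port range quoted in the first post.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def check_data_endpoint(reply, control_ip, port_range):
    """Return (ip, port, findings) for the data connection the client must open."""
    ip, port = parse_pasv(reply)
    lo, hi = port_range
    findings = []
    if ip != ipaddress.IPv4Address(control_ip):
        findings.append("server announces %s, but the control connection "
                        "went to %s" % (ip, control_ip))
    if not lo <= port <= hi:
        findings.append("port %d is outside the configured range %d-%d"
                        % (port, lo, hi))
    return ip, port, findings


if __name__ == "__main__":
    # Values taken from the log and the first post of this thread.
    reply = "227 Entering Passive Mode (192,168,2,5,163,205)"
    ip, port, findings = check_data_endpoint(reply, "192.168.0.42", (40000, 45000))
    print("data endpoint: %s:%d" % (ip, port))
    for finding in findings:
        print("finding:", finding)
```

For the reply in the log, the port falls inside the 40000-45000 range, but the announced address is the server's GREEN address rather than the RED address the client connected to.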
Thanks for the help and the explanation. I will use SFTP.