FileZilla FTP issues

[techy87]

So here is my issue.

I am trying to use FileZilla FTP to get a connection rolling to my File Server (Wonderland). I have following several different YT videos but have been unable to successfully FULLY connect to where I can see content.

 

I have set this up before but for some reason I can't remember all the things I did in order to make it work.

 

Currently I have the ports needing to be forwarded set through my PfSense router, the Firewall should be configured correctly and I have the settings in FileZilla correct (I think) but whenever I try to connection I errors 200 and 421... not sure what these are or even mean {still scowering the interwebs for an answer}... I'm also betting it might be something I overlooked.

[MCManiac52]

2 hours ago, techy87 said:

So here is my issue.

I am trying to use FileZilla FTP to get a connection rolling to my File Server (Wonderland). I have following several different YT videos but have been unable to successfully FULLY connect to where I can see content.

 

I have set this up before but for some reason I can't remember all the things I did in order to make it work.

 

Currently I have the ports needing to be forwarded set through my PfSense router, the Firewall should be configured correctly and I have the settings in FileZilla correct (I think) but whenever I try to connection I errors 200 and 421... not sure what these are or even mean {still scowering the interwebs for an answer}... I'm also betting it might be something I overlooked.

Tip for in pfsense: use the aliases for ports and hosts to make rules a lot easier to manage. Also make sure windows firewall isn't blocking your ftp port. I don't think FileZilla unblocks the port automatically so it's worth making sure. Also if you're not already, use something over that port 21 as it's the default port making you more vulnerable to attacks as hackers will always try it first.

 

Edit: error 421 indicates too many connections which would indicate that theres a setting in the server config that's only letting 0 connections from a given IP, not sure where it is but I remember seeing it before, if you find it, change it to whatever you like and it should stop that error. One thing to note is FileZilla reconnects for every file download, so make sure you have it set to something high if you plan to transfer a lot of files.

[techy87]

Ok so I'm now I'm not receiving the 'to many connections' issues anymore but I am seeing this one: Make sure you have permissions, the operation timed out....

[techy87]

something about MLSD is causing an issue for me to connect and I can't figure out how to fix it...

[MCManiac52]

6 minutes ago, techy87 said:

something about MLSD is causing an issue for me to connect and I can't figure out how to fix it...

Operation timed out could suggest that it's not connecting properly, this could be because of a port error. You could try connecting in active mode in FileZilla. Find transfer settings and change the transfer mode to active.

[techy87]

Just now, MCManiac52 said:

Operation timed out could suggest that it's not connecting properly, this could be because of a port error. You could try connecting in active mode in FileZilla. Find transfer settings and change the transfer mode to active.

Unfortunately I did try that

[MCManiac52]

2 minutes ago, techy87 said:

Unfortunately I did try that

Have you tried using SFTP instead of regular FTP? 

 

edit: you could also try to allow passive ports 30000 350000 in the config (remember to port forward them too)

[techy87]

1 minute ago, MCManiac52 said:

Have you tried using SFTP instead of regular FTP? 

I will have to write out majority of how things are set up and rerun the setup configuration to determine what exactly is going on... I just tried sFTP and it still failed

[MCManiac52]

2 minutes ago, techy87 said:

I will have to write out majority of how things are set up and rerun the setup configuration to determine what exactly is going on... I just tried sFTP and it still failed

That sucks, did you try the passive ports?

[techy87]

23 hours ago, MCManiac52 said:

That sucks, did you try the passive ports?

I finally got it to work... turns out that even though I had forwarded ports in PfSense... I wasn't forwarding the passive ports correctly.... I can now access the FTP the way I needed it to work...

[MCManiac52]

9 minutes ago, techy87 said:

I finally got it to work... turns out that even though I had forwarded ports in PfSense... I wasn't forwarding the passive ports correctly.... I can now access the FTP the way I needed it to work...

Oh cool nice! That's something I've found with port forwarding. No matter how correctly you did it the first time, you always have to do it again

[techy87]

16 hours ago, MCManiac52 said:

Oh cool nice! That's something I've found with port forwarding. No matter how correctly you did it the first time, you always have to do it again

It was just super flustering cause every time I tried to add ports x through x it wasn't allowing me to add the range... I was getting all confused since I am still pretty new to PfSense... Since I managed to get this up and running my next goal (since I saved the new PfSense config) is to attempt configuring VPN. That is a whole new ball game to me and I know nothing about it... lol... Probably need to create a new thread as well for that one... Then again VPN may not be needed since I have the FTP service working... Not Sure yet... Need to step back and take a break anyway to enjoy what I have already fixed.  I do appreciate your help and direction for things to look for and at.

[MCManiac52]

Just now, techy87 said:

It was just super flustering cause every time I tried to add ports x through x it wasn't allowing me to add the range... I was getting all confused since I am still pretty new to PfSense... Since I managed to get this up and running my next goal (since I saved the new PfSense config) is to attempt configuring VPN. That is a whole new ball game to me and I know nothing about it... lol... Probably need to create a new thread as well for that one... Then again VPN may not be needed since I have the FTP service working... Not Sure yet... Need to step back and take a break anyway to enjoy what I have already fixed.

Okay cool, PfSense VPN is something I have played with so that should be easy^tm the best way you can do it is with OpenVPN, which PfSense has built in support for.

[techy87]

5 minutes ago, MCManiac52 said:

Okay cool, PfSense VPN is something I have played with so that should be easy^tm the best way you can do it is with OpenVPN, which PfSense has built in support for.

I guess my question would be, does it cost money for the VPN?

[MCManiac52]

4 minutes ago, techy87 said:

I guess my question would be, does it cost money for the VPN?

Nope, if you set up your own it doesn't cost anything (other than power/internet usage obviously).

[techy87]

1 minute ago, MCManiac52 said:

Nope, if you set up your own it doesn't cost anything (other than power/internet usage obviously).

Would you be able to provide me with some basic instructions on how to begin?

[MCManiac52]

29 minutes ago, techy87 said:

Would you be able to provide me with some basic instructions on how to begin?

So I spend the past half hour checking my configs and writing out some instructions, and then I realised that a Wizard to create the VPN is built in, just go to the Wizards tab in VPN>OpenVPN and follow the step by step, if you need any help through that, just let me know  I've left the instructions I did write in just in case they're useflul(minus the screenshots, let me know if you need them)

 

 

Spoiler

 

First of all you're gonna want to make a user to use the VPN in the user management section in the system tab.

Next you'll need to create a client for OpenVPN in the VPN tab, click openvpn, then clients and add a new one.

• For the server mode you'll want Peer to Peer (SSl/TLS) unless you plan on using a shared encryption key(much more in depth and not as easy as just using a password)
• The protocol should be TCP and device mode should be tun. Select the interface to be the one that goes to the internet(WAN)
• For server host you want want to put in your public IP address, if you have a domain registered, i recommend you create an A record that points to your IP so that you can easily update the IP should yours change. Another great way to do this is by using No-Ip which is a free online service that essentially does the same thing.
• The port can be up to you, just make sure it's not used by any other applications.
• For the username and password section, use the same things you used when creating the user earlier.
• I've attached a screenshot of the Cryptographic Settings as they are easy to just copy.

Now to set up the server. Save the client.

 

First you need to create a certificate to use with the VPN. I'm not entirely sure how it works but i believe you just go to System>Cert.Manager then create an internal CA as well some certificates. I'm not 100% on these though so I suggest googling it.

 

now go to the servers tab in the VPN>OpenVPN section on PfSense.

• For the general information at the top, this should be the same as what you set in the client config.
• Refer to google for the certificate uses, i'm not entirely sure how it works.
• the rest of the Cryptographic Settings I have attached as they're pretty straight forward.
• The "IPv4 Tunnel Network" should be set to an address range in CIDR, depending on what subnets you use will depend on this. I use 10.0.10.0/24 for my main network, so I have the VPN using 10.0.5.0/24.
• The "IPv4 Local network(s)" should be in the same format as above and should instead be your main network (so the VPN client can see devices that are connected locally to the PfSense box)
• Concurrent connections can be set to whatever is needed for you.
• The Dynamic IP setting is up to you, the Address Pool setting should be checked and the topology should be set to Subnet.
• The Advanced Client Settings rely mostly on your configuration, you should use them, but they're not mandatory(i don't think)
• The rest can be left

 

•