Hi, I have installed ispconfig 3.2.7 where I have created user account, FTP account and website for the user. I can connect with FTP from my internal (LAN)network but I am not able to connect from internet (WAN side). I am using pfsense firewall. I have configured port forwarding to port 21. I am getting the following error: Server sent passive reply with unroutable address 10.2.150.180, using host address instead. Timeout detected. (data connection) Could not retrieve directory listing Error listing directory '/'. Please help. It would be highly appreciated
you need to configure a passive port range and allow in your firewalls. https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-debian-and-ubuntu-linux/
This means that the passive port range is still either not configured or blocked by a firewall on the server or by a firewall in front of the server (e.g. a Firewall of your ISP or the data center where you host the server).
Hi Till, Thanks for your reply. To test I have disabled firewall on ISPconfig. Allowed all inbound and outbound traffic for passive port range both on LAN and WAN interface. I have also attached the screenshot of port forwarding along with other screenshoots. But still it is not working. I do not know where I am going wrong please have a look. feel free to ask if it does not give any meaning to you
You added a port forward for port 21 but not for the passive port range; those have to be forwarded to the server as well for the connection to succeed.
Thanks, I can do that. in that case which port shall I use in my FileZilla Client to initiate the FTP connection ?
Thanks for your help. It is working now. But now I am not being able to connect from the LAN side with server's private IP address. I believe it is because the server is responding to the external address. Isn't there any way to get it worked both with Internally and Externally? I can use the public IP from LAN side, this way it is working. Fine. Have a great time.
You can use the internal IP address in your FTP client connection settings. This might produce a SSL warning though.
Pfsense is pretty configurable, I imagine you could also get it to hairpin connections to the public ip back to that server. Personally I would just use SFTP, which is much simpler.
