ProFTPD Troubles

[MDKAOD]

So, I've been putting off upgrading my pfsense box since January due to their removal of the FTP proxy helper for servers behind NAT knowing that this was going to cause me issues.

I've been forced to perform the upgrade today and cannot for the life of me get FTP working outside the network. I can get good connection to the FreeNAS box, but ProFTPD appears to stop responding or straight up crash (exit signal 11) if trying to use reverse DNS (https://bugs.freenas.org/issues/10100).

Upon doing everything that should set me up for passive FTP transfers (Masq'd address, passive ports in place) I'm met with messages of malformed directory listings (ftptest.net)

Code:

Warning: Plaintext FTP is insecure. You should use explicit FTP over TLS.
Status: Resolving address of {MYADDRESS}
Status: Connecting to {MYADDRESS}
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220 ProFTPD 1.3.5 Server (library.printdrs.com FTP Server) [{MYADDRESS}]
Command: CLNT https://ftptest.net on behalf of {MYDIFFADDRESS}
Reply: 500 CLNT not understood
Command: USER {USER}
Reply: 331 Password required for {USER}
Command: PASS ********
Reply: 230-Welcome to FreeNAS FTP Server
Reply: 230 User {USER}logged in
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Features:
Reply: MFF modify;UNIX.group;UNIX.mode;
Reply: REST STREAM
Reply: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Reply: UTF8
Reply: EPRT
Reply: EPSV
Reply: LANG ko-KR.UTF-8;ko-KR;it-IT.UTF-8;it-IT;es-ES.UTF-8;es-ES;bg-BG.UTF-8;bg-BG;zh-CN.UTF-8;zh-CN;ja-JP.UTF-8;ja-JP;zh-TW.UTF-8;zh-TW;ru-RU.UTF-8;ru-RU;fr-FR.UTF-8;fr-FR;en-US.UTF-8;en-US*
Reply: MDTM
Reply: TVFS
Reply: MFMT
Reply: SIZE
Reply: 211 End
Command: PWD
Reply: 257 "/" is the current directory
Status: Current path is /
Command: TYPE I
Reply: 200 Type set to I
Command: PASV
Reply: 227 Entering Passive Mode ({MYADDRESS},196,170).
Command: MLSD
Status: Data connection established.
Reply: 150 Opening BINARY mode data connection for MLSD
Error: Malformed directory listing
Error: Line feed received without preceding carriage return

If I could get another head on this, it'll stop mine from hitting the desk. Thank you

 

[cyberjock]

Are you using filezilla?

 

[MDKAOD]

Not at the time of testing, no. GhostCommander on Android, and ftptest.net were failing. net2ftp worked fine, but that was an active connection. I need to get passive working. Testing filezilla right now (from home) connects initially but cannot retrieve a directory listing. It times out. I assume that's the passive port not passing by ProFTPD.

 

[DrKK]

• Error: Malformed directory listing

• Error: Line feed received without preceding carriage return

Line feed received without preceding carriage return?

Do you have a file in the root directory that has some malformed name in it?

Try setting the default start directory to something else entirely.

 

[MDKAOD]

I thought the same thing, it's happening regardless of login directory, which I'm able to test via different logins leading to different places. ftptest.net doesn't provide functionality to directly input a starting directory.

 

[MDKAOD]

I guess the lack of response here doesn't bode well for a solution, huh? :)

 

[cyberjock]

Sorry, I don't remember what the fix was. I did have this issue before, but I later determined it was user-error of some kind or because of Filezilla (I forget which it was).

Just as an idiot check, can you log in locally from your LAN and it work?

 

[MDKAOD]

Just getting back to this issue, over LAN active connection works fine, passive does not.

 

[MDKAOD]

I've tracked down this bug report that seems to indicate it's a ProFTPD package problem: http://bugs.proftpd.org/show_bug.cgi?id=4202
Is there anything I can do to force an upgrade to the package without causing too much headache going forward?

 

[cyberjock]

Is there anything I can do to force an upgrade to the package without causing too much headache going forward?

Unfortunately, no. Your best solution is to put in a bug ticket and ask for that package to be updated.

 

[MDKAOD]

Thanks for your time. Filed over here #12009.