Need help to possibly setup FTP server

Gertjan

@mrsiddle

The answers are posted above.
If you did not recognize the messages form johnpoz and JKnott as answers, they contain enough info to get you started.

mrsiddle

This post is deleted!

mrsiddle

This post is deleted!

mrsiddle

This post is deleted!

johnpoz

@mrsiddle dude what are you looking for? The info needed to get ftp server working has been given here, and multiple multiple threads here as well.

What is it your not understanding, what exactly are you trying to accomplish?

mrsiddle

This post is deleted!

johnpoz

@mrsiddle some oddity in your ftp client on your phone would have nothing to do with pfsense.

Unable to get directly listing could be issue with data channel.. Are you doing passive or active ftp from your phone?

There are FAR EASIER ways to sync files to your phone vs ftp that is for sure.. But all the info on how to setup ftp server behind pfsense has already been given here, and plenty of other threads here..

Distinguished

This post is deleted!

mrsiddle

This post is deleted!

johnpoz

@mrsiddle said in Need help to possibly setup FTP server:

I am doing ftp

And you understand that there is a control channel and then a data channel.. The data channel is either active or passive.. This determines in what direction the channel is opened.

Here - if you have any hope of troubleshooting ftp, the first requirement is to understand how it actually works.

https://slacksite.com/other/ftp.html
Active FTP vs. Passive FTP, a Definitive Explanation

Out of the box a client behind pfsense doing passive there really is nothing to do to talk to a ftp server out on the public internet. Since the default lan rules are any any, and you would be able to connect out control port 21, and whatever the data port is sent by the server.

Where you have problems as a client behind pfsense is doing active, since the server trying to connect to the clients IP would not be allowed by the firewall. Unless the admin of pfsense set it up - say using the ftp helper/proxy package.

Running a server behind pfsense for active is normally not a problem since the server makes the outbound connection to the clients IP and Port. And again the default out rules are any any so the server would be allowed. All that would normally be needed is to forward port 21 to the server behind pfsense.

Now with server running passive behind, you run into the issue to what passive ports the server will use, and those ports will have to also be forwarded to the server along with the control port.

Other issues that come into play even with using the helper is if using encrypted control channel - where pfsense can not see the ports that will be used for the data channel - nor can it figure out or change wrong IP given in the control channel of rfc1918 addresses.

If your going to continue to use ftp, which is a dead protocol and really shouldn't be used any more.. SFTP via ssh port 22 is only 1 port and secure unlike ftp where username and passwords are sent in the clear, etc. You really need to understand how its going to work to use it behind any stateful firewall also tie that in with nat being done, etc. Not just pfsense.

You need to understand how a ftp server is going to work to make sure it presents its correct IP to the client (server behind nat).. And you need to understand what ports its going to use for passive.

from a client side talking to some server out on the public internet - you need to know what your using active or passive for the data channel. And you need to be able to alter between them depending, and you may need to adjust your edge firewall to allow or handle inbound connections from the server if doing active. Or you need to make sure you allow the correct outbound ports if you have altered the default any any rule, etc.

I have in the past gone over in great detail setting this up, and going over the protocol and how to use it in really any configuration behind pfsense. The details have been given for this OP original question..

But to be honest if your still using ftp today - your doing it wrong ;) ftp really should of died off 10 years ago. That its just not actually finally being removed from different browsers as even an option is great, even if late.. Use SFTP, use some web based transfer method that also uses just 1 port and normally secure ie via https.

Or use some sort of specialty sync software.. There are plenty of them out there, icloud, dropbox, googledrive, onedrive.. You could run nextcloud for example on your own network and sync music files to your phones and stuff that way.

mrsiddle

This post is deleted!

stephenw10

Locking this, it's just a spam magnet!