Multiple FTP servers; non-standard ports
-
Can someone enlighten me on how I can host FTP (active and passive) on non-standard ports behind pfSense 2.0-RC1? Lots of information online suggests using something called proxy helper, but first I can't find this in pfSense 2 and second that seems like it's only going to work for 21/20.
The ultimate goal is to host multiple ftp servers:
-one on WAN TCP 21
-one on WAN TCP 7521
-one on WAN TCP 7621
-one on WAN TCP 7721
I will use 20, 7520, etc… for the data port and assign different ranges of ephemeral ports to each server for PASV connections.
-
I'm not sure why nobody has replied. I did read the forum rules, but if I've violated them (or this is a stupid question or has been answered), please let me know.
Otherwise, if it's not possible, please consider incorporating this ability into a future version.
I'll continue to use the beta and report issues as they arise.
-
Hello!
To set up pfSense for passive connection I did this:
I do not have the tftp proxy helper activated in System: Advanced: Firewall and NAT.
Then we need some NAT settings.
WAN | TCP | * | * | WAN address | 7520 - 7521 | [Server address or alias] | 7520 - 7521 | Ftp server LAN
WAN | TCP | * | * | WAN address | 1400 - 1430 | [Server address or alias] | 1400 - 1430 | Ftp passive data ports
Then we need 2 WAN firewall rules: (think you get them auto added when you save NAT rules)
Allow | TCP | * | * | [Server address or alias] | 7520 - 7521 | * | none | Ftp server LAN
Allow | TCP | * | * | [Server address or alias] | 1400 - 1430 | * | none | Ftp passive data ports
The ftp server program needs to be set to the same passive data ports.
/illern
-
Yes, but that's only one ftp server, and that's only passive. I need to be able to support passive and active connections, and do it for two ftp servers. I can do this with a Cisco ASA, but not with pfSense, from what I can tell. The firewall will need to rewrite a bunch of information in the packet headers for this to work.
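-
Added example (not part of any post in this thread): the address and port that have to line up with the port forwards travel inside the FTP control channel, in the 227 PASV reply and in the PORT command. This Python code parses that field, checks a PASV reply against the forwarded passive range from the reply above, and flags passive ranges that collide between servers. The WAN address 203.0.113.10, the LAN addresses, the server names and the second range are constructed sample values.

```python
import ipaddress
import re
from itertools import combinations

# Six comma-separated numbers: "227 ... (h1,h2,h3,h4,p1,p2)" or "PORT h1,h2,h3,h4,p1,p2"
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) carried in a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value above 255 in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, wan_ip, port_range):
    """List the reasons a PASV reply will not work through a plain port forward."""
    ip, port = parse_hostport(reply)
    lo, hi = port_range
    problems = []
    if ip != ipaddress.IPv4Address(wan_ip):
        problems.append("server advertises %s, outside clients need %s" % (ip, wan_ip))
    if not lo <= port <= hi:
        problems.append("data port %d outside forwarded range %d-%d" % (port, lo, hi))
    return problems


def overlapping(ranges):
    """Return pairs of server names whose passive ranges collide on one WAN address."""
    return [(a, b) for (a, ra), (b, rb) in combinations(sorted(ranges.items()), 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]


if __name__ == "__main__":
    WAN = "203.0.113.10"                 # constructed sample WAN address
    FORWARDED = (1400, 1430)             # passive range from the NAT rows above
    # Constructed replies: LAN address leaked, correct, and port out of range.
    for reply in ("227 Entering Passive Mode (192,168,1,50,5,130)",
                  "227 Entering Passive Mode (203,0,113,10,5,130)",
                  "227 Entering Passive Mode (203,0,113,10,195,80)"):
        print(reply, "->", check_pasv(reply, WAN, FORWARDED) or "ok")
    print(parse_hostport("PORT 192,168,1,20,19,137"))   # constructed active-mode command
    # Hypothetical plan for two servers; ftp2 reuses part of ftp1's range.
    print(overlapping({"ftp1": (1400, 1430), "ftp2": (1420, 1450)}))
```

A reply that fails the first check is the case where the FTP server itself has to be configured to advertise the external address, or the firewall has to rewrite the control-channel payload.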