FTP proxy and pfsense 2.2
-
Hello,
You continue to talk about server configuration, so apparently you doesn't understand or read :
FTP server aren't on my LAN but outside and on internet like ftp.free.fr, and i don't own it.
" Just because you don't admin the firewall " ???
I'm the admin of the firewall on my LAN, so I added a rule to let my users who are in my LAN access to public FTP server on internet.
So with the outbound rule no proxy is needed but i must create all the rule specificaly for each server.
-
I Understand very well, you just don't state details that were asked multiple times.
example:
"I tried to add WAN => LAN pass rules between TCP 42000 and 42010"So this could be for a passive server behind pfsense, or did you set your client to use specific ports in the active connection? Without some actual details it could go either way.
Thank you from this
"FTP server aren't on my LAN but outside and on internet like ftp.free.fr, and i don't own it."You don't need any special firewall rules on passive, unless you have outbound ports locked down. Since the client connects to some port the server gave. In an active connection yes the server would connect back to the client from source 20.
Why do you need to create each rule, do you have all your outbound ports locked down? Are they using active?
As stated help/proxy is gone.. You have to do it old school like your doing now. Its not that difficult.
-
I can't speak for the OP, but maybe it is something like this:
We have run into a situation on numerous occasions where the remote server is either misconfigured (gives its private IP rather than its public IP), or it is behind a firewall not configured correctly for a passive FTP server. Thus the configuration on the remote end is not set up properly for passive FTP.
This makes it such that clients on our local network (behind pfsense) cannot connect using passive mode. The active (port) mode helper would allow local uses to instead use active (port) mode and connect to FTP servers in these cases.
Now that the helper is gone this is not an option, and users of pfsense are stuck trying to find some other workaround.
All too often the server "admin" on the opposite end has no clue how to set up the server/firewall properly for FTP. It is however the users on the pfsense end that get left in the cold. We can give certain machines 1:1 NAT and then allow specific ports for active FTP if the FTP client supports this (like FileZilla). This works, but is more difficult to set up, and requires a public IP (not an issue here, but I know lots of business with only 1 or 2 public ips due to the shortage).
-
And now… https://forum.pfsense.org/index.php?topic=89841.0
-
Very cool. Thanks!
-
Maybe you can help me.
I use Pfsense 2.2.2 with 2xWAN, Loadbalancing, Failover.
Since the Update to 2.2.2 i can not connect with Filezilla to FTP Server in the Inter for an example to my Webhosting. The Connections is very slow and sometimes the connections is broken.
I have read the Problem is the Loadbalancing.
How i can i fix it ?
Thank you
-
See https://forum.pfsense.org/index.php?topic=89841.msg497482#msg497482
-
if i install the FTP Client Proxy Package. It is the Solution for my Problem with Loadbalancing with FTP?
-
Read through the portion of the thread starting with the post I linked in the previous message, it specifically mentions the problem with load balancing.
-
you write that is not working with Loadbalancing ?
