Rule for FTP need help still new in pfsense
-
I don't know if I configured for active or passive. I just followed some steps from YouTube, and it is working when I tried to connect from a host on the LAN side (192.168.10.0/24), but when I set up an FTP section on one of my cameras on the OPT1 side (192.168.20.0/24) it cannot connect to the server. I tried both passive and active; none of them are working.
I tried to set up a rule on the LAN interface to pass port 21, source alias (all my camera IPs), destination my FTP server address; still nothing.
-
Ok I take it the first is your lan where your server is.. And the alias lan to subnets would be your opt1 network and others.
So that would allow for active connections.. Since in active connection the server from the lan side would create the data connection to your client on opt1 network. To whatever random port your client said to connect to.
But from your devnet interface I assume since you didn't include what interface those rules were on, and I am guessing this is your opt1 network. You do not even allow 21 to your lan - so how would you even connect to control on 21, be it active or passive for the data channel? You would need to allow 21 to your freenas on lan on this opt1 interface rules… Then if using active it would work.. But if passive it wouldn't since your rules on opt1 or devnet do not allow connections to lan on high ports that your server would say connect to me on in passive mode.
So let me state this yet again.. If you want to troubleshoot ftp, you need to understand how ftp works both active and passive and you need to understand what you're using.. What is the client you're using? FileZilla? Something else?
http://slacksite.com/other/ftp.html
Active FTP vs. Passive FTP, a Definitive Explanation
-
The last image is from my camera settings. That's where I have to enter the FTP server information so all the camera records can be uploaded to my FTP server.
-
Where did I ask anything about that image? Dude I want to help you, but what are you not understanding about your rules are not going to work since you don't even have port 21 open on pfsense?
Since your client doesn't list if active or passive it prob defaults to active.. But a simple sniff of the traffic on pfsense would show you exactly what commands are being sent in the control channel.. And from there you can see if active or passive and what ports are being used, etc.
But nothing is going to work at all until you open port 21 to your server IP on the client network firewall tab.
-
Just throwing out an idea… if you can somehow enable and use SFTP instead of regular FTP then you only need to think about port 22 TCP.
-
Yes that is a great idea, his nas most likely supports it.. But doubt the camera does.
-
I don't think my camera support SFTP even my big SUNBA camera support sftp
I just set up IPSec to a 3rd location and I will try to install freenas here and point my cameras to the freenas ftp server here
-
"But nothing is going to work at all until you open port 21 to your server IP on the client network firewall tab."
Did you see this statement.. The rules you posted do not allow 21, so no ftp is not going to work be it you're using passive or active.. Since your client per your rules is not allowed to talk to the server on the other segment on 21 to even open the control channel.
How do you think ipsec to some remote site is going to solve the problem vs storing it local?
-
My IPSec interface has an any to any rule. I believe it will solve the problem.
Thank you
-
No sorry it's not… Traffic is evaluated on the interface it enters pfsense.. Great that your connection for ipsec has any any..
But your traffic doesn't enter pfsense there it enters the interface your client is connected to...
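
Added example, not part of the original thread or written by any poster: a small Python reader for sniffed FTP control-channel lines (TCP 21) that reports whether each transfer negotiated active or passive mode, which side opens the data connection, and on which port, so the pass rule can go on the interface where that side's traffic enters pfSense. The sample lines are constructed, the host addresses are made up inside the thread's LAN and OPT1 subnets, the function and field names are hypothetical, and only `PORT` and `227` replies are handled.

```python
import re

# Constructed control-channel lines (TCP 21) as a capture would show them.
# Host addresses are made up inside the thread's LAN and OPT1 subnets.
SAMPLE_ACTIVE = [
    "USER camera",
    "331 Password required",
    "PORT 192,168,20,50,195,80",
    "200 PORT command successful",
    "STOR clip001.jpg",
]
SAMPLE_PASSIVE = [
    "PASV",
    "227 Entering Passive Mode (192,168,10,5,217,4)",
    "STOR clip001.jpg",
]

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply to PASV
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_channels(lines):
    """Return one dict per data channel negotiated on the control channel."""
    found = []
    for raw in lines:
        line = raw.strip()
        if line.upper().startswith("PORT "):
            # Active: the client tells the server where to connect back to.
            mode, opener = "active", "server"
        elif line.startswith("227 "):
            # Passive: the server tells the client which port it listens on.
            mode, opener = "passive", "client"
        else:
            continue
        match = HOSTPORT.search(line)
        if not match:
            continue
        nums = [int(n) for n in match.groups()]
        if max(nums) > 255:
            continue  # malformed address or port octet, ignore the line
        found.append({
            "mode": mode,
            "opened_by": opener,  # rule goes on the interface this side's traffic enters
            "ip": ".".join(str(n) for n in nums[:4]),
            "port": nums[4] * 256 + nums[5],
        })
    return found


if __name__ == "__main__":
    for sample in (SAMPLE_ACTIVE, SAMPLE_PASSIVE):
        print(data_channels(sample))
```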