Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP behind pfsense

    Scheduled Pinned Locked Moved NAT
    4 Posts 3 Posters 765 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LDocean
      last edited by

      Hello,
      I have a vftp on Ubuntu running. Previously I had a Netgear firewall and all I did was port forward port 21 to the server and it worked. Doesn't work on my new Netgate XG-7100 box with the latest pfsense. Shouldn't it be as simple as the netgear setup? I read all the old posts that go on and on about ftp, but didn't need any of that with the netgear. anyone have any ideas what might be wrong? All my other port forwards work OK.

      1 Reply Last reply Reply Quote 0
      • M
        msf2000
        last edited by

        This has already been answered:
        https://forum.netgate.com/topic/14867/ftp-server-behind-pfsense-guide-explination

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz

          What exactly are you serving up behind your pfsense? Why not use sftp, this would be 1 port and secure!! Why not use webdav or some nice webgui for the users via https, again 1 port.. And not the protocol that should of died 10 some years ago before that 9 year old article linked too was even written ;)

          How about owncloud, or nextcloud, etc. The list goes on an on with better, faster more secure ways to move a file that are way easier to use for your users than some antiquated, depreciated PITA protocol to use when nat is involved..

          Hey when ipv6 becomes the norm you can go back to the 2 channel method of ftp ;) Control and Data..

          In this day an age other than just plain don't know any better there is zero reasons to be using or providing ftp..

          Then again if insist in staying int he past and providing unsecure methods of file transfer - then simple understanding of how the protocol works. Are you passive or active and simple config and your up and running....

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          L 1 Reply Last reply Reply Quote 0
          • L
            LDocean @johnpoz
            last edited by LDocean

            @johnpoz I am supporting a legacy system that custom accesses the files in code to bring down documents. The old language used does not support anything but ftp. I am rewriting it and will look at other solutions. For now, 24 remote office locations and 40 desktops, can't fool around.

            I use vsftp. Other FTP server programs will have settings that need to change just like this, you need to find them and set them on the FTP server config.

            I fixed it like this:
            On a Ubuntu linux server running vsftp
            To enable passive mode, set the following configuration options in your vsftp.conf:

            pasv_enable=YES
            pasv_min_port=30000
            pasv_max_port=30099 (Any port range you want to try)
            pasv_address=(Fixed Internet facing IP address)

            Then open these ports in pfsense to the server under the NAT menu
            Port forward 21 to the ftp server
            port forward the same range from the settings above to the ftp server
            30000 to 30099

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.