FTP Helper on the LAN interface
-
Like many things there is a balance between security and convenience to be drawn.
Having the clients nominate the servers the need to connect to doesn't seem that unreasonable to me. But, inconvenient for them....
Steve
-
The bottom line is if you need Active FTP clients behind a firewall and the services provided by the FTP_Client_Proxy service are not a good fit, pfSense is not for you.
The availability of certificates has nothing to do with the fact that when a client requests a file, it tells the server where to connect to and that reverse server-to-client connection has to be opened on the client side firewall. Or firewall(s) in your case. SSH has been around for 20+ years. SFTP for 15+. They still insist on using FTP.