FTP server behind pfSense...
-
I think you're probably going to have to put up a sketch on where this FTP server sits in/on your network, where the pfsense box is, where your machine is, and all the in's and out's with network addresses so we can visually see how this network is setup.
That would help.
Jeff
-
Give each web server a private IP address on your internal network instead of a public address. Create Virtual IPs for each public IP these web servers used to use, and then NAT each one to its internal address.
-
https://docs.netgate.com/pfsense/en/latest/nat/ftp-without-a-proxy.html
-
@akuma1x It is not on my network. Think linke this, you got a FTP server in your company in Europe, but you work from home in the US, and you have pfSense protecting your home network, but you want to access the FTP server in Europe. (It is not the best example hehe) But anyways here is a scetch I made. Lets say I'm at PC2 and want access to the FTP server.
Tank you for your time! -
So you're just the FTP client? This should work without any problem if they have their end configured properly. There is nothing you can do on your end. FTP_Client_Proxy is not required for you to use FTP client software behind pfSense ecept under certain circumstances.
What is the actual problem you are seeing? Any error messages? I think you managed to confuse everyone and we all thought you were on the server end, trying to NAT them out to WAN.
-
@PhilipPutrus Can you get to any other FTP servers out on the internet? Like this one, as an example:
ftp://speedtest.tele2.net/
Download one of the smaller sample files there and tell us if it works ok. I don't think they have any valid data in them, just sample zip files.
Jeff
-
@kom hahha I'm sorry for confusing you, I myself am confused after all the articles I have read.
Yes Im just the FTP client.
Me too I thought I did not needed to do as much besides setting up rules that allows FTP packets because I'm just a client. What do you mean if they have their end configured properly? I also have a Zyxell firewall, If I remove pfSense and plug in the Zyxell firewall, I only need to setup a pass rule for FTP and It works perfectly. So how could it be that the server configuration is messd up?
FileZilla connects to the server, but get stuck at "Listing directory "bla bla bla".
It might be worth mentioning I managed to connect myself from the pfSense firewall, using commands, but a network client cannot.
Thanks for your time. -
@akuma1x
I'll try it tomorrow, then provid you with the status. Thank you :) -
@philipputrus said in FTP server behind pfSense...:
and plug in the Zyxell firewall, I only need to setup a pass rule for FTP and It works perfectly.
What is that pass rule in the Zyxel, can you elaborate? I'm only asking because pfsense can be setup the same (probably not necessary though), but it might be worth a try... It's a really simple LAN to external FTP server firewall rule in pfsense. Again, it's most likely NOT required.
By the way... are you running any blocking software on your pfsense install - snort, pfblockerNG, other stuff maybe?
Jeff
-
By default, LAN has an Allow All to Any rule that should literally take care of everything. I don't have any special rules on LAN, and I can ftp to speedtest.tele2.net without any problems whatsoever.
I also have a Zyxell firewall, If I remove pfSense and plug in the Zyxell firewall, I only need to setup a pass rule for FTP and It works perfectly.
Yeah it would have been nice to know this from the start. Post your LAN rules so we can see if there is something bogus in there.
Try to ftp to speedtest.tele2.net and see if it works for you.
-
@philipputrus said in FTP server behind pfSense...:
The server use Active mode I checkd that by connecting to it from the CMD
For active mode you need to have the client FTP proxy installed and configured. It will not allow the server to open data channels without it.
Steve
