FTP passive port on demand opening
-
As I already answered in my first post, there is no passive helper or way for pfsense to auto open the passive ports. If you want to provide passive ftp as an option to your ftp server then you need to set your ftp server to use a specific range of ports for its passive connections. And then forward that range.
You can for sure lock down the source IPs on this forward/firewall rule.
-
Yes, I will see if is possible to interact with pfsense using api to do this
-
@JeGr it's well known that an sftp process use more cpu
-
Your more than welcome to tinker all you want - but would be akin to coming up with a faster way to read floppy disks.. Nobody uses them ;)
Sure there is a huge user base for something like this - the 3 people still using ftp will love you I am sure ;)
-
@johnpoz said in FTP passive port on demand opening:
Nobody uses them ;)
that's where you're wrong ;)
-
Yeah there are still people using horses to pull their carts as well.. Not my point!
-
@johnpoz said in FTP passive port on demand opening:
Yeah there are still people using horses to pull their carts as well.. Not my point!
in the economic crisis language, it's called "happy decrease"!
-
@openaspace said in FTP passive port on demand opening:
@JeGr it's well known that an sftp process use more cpu
Just to add 0.02$: Again depending on the cipher and setup used. And it's documented, that it strongly depends on you configuration of SSH. Also speed comparisons are available that show that modern versions of SSH that are patched for the old problems of high latency or window sizes aren't far behind in transfer speed. So modern ciphers like AES-CTR deal with single/multi-core problems and you can hit a 1gpbs bandwith limit if you do a little bit of homework and don't use ice-age-old versions of your toolchain ;)
-
Only 10 sftp connections for a total 60MB/s
-
10 webdav connections over https at 90MB/s ;)
-
Besides your question solved - what about actually reading what I wrote? You show some graphs with no intel whatsoever. As I said, if you set it up right, it CAN work the same without pulling your leg. How should I know what old software you're running? I can show you graphs all day long - without details they tell you nothing other that you seem to be having a bad SSH setup. shrug But hey, if one wants to see problems as nails to use their hammer, that's nice. Have fun hammering :)
-
What cipher is being used for these connections... There can be some huge difference in speed and cpu cost.. And if the box supports say aes-ni, etc..
Simple test here locally.. using just chacha20 vs aes256-ctr and go from like 75MBps, to full gig at 111 and pretty good drop in cpu usage as well. Now I am a fan of chacha.. But if what your looking for is fastest speed with lowest resources used... Then yes you have to take a few minutes to config your stuff and not just turn it on.. This goes for everything in the IT world.
-
@johnpoz I denote a certain polemical vein
