Basic FTP server Package for pfSense
-
That is still dangerous and not something that belongs on a firewall.
-
On side note, want to know how do I filter outgoing traffic by mac address. I have some devices that try to connect to outside, but want to prevent it.
IP blocking is not possible as IP address changes all the time... its long story. (DHCP reservation/static does will not work)If you are aware of way to block outgoing traffic by MAC, please let me know the steps, could not find it.
-
That's a topic for a new thread as it's unrelated to this subject.
-
@u444665 said in Basic FTP server Package for pfSense:
Sorry, I wanted to clarify further. FTP for inside only (LAN side), not on WAN (public).
Many LoT & other devices support FTP uploads, like CCTV alerts etc that get uploaded to the FTP.If it is in fact internal, inside LAN only, like you posted above, you don't need to run anything on your firewall. All internal LAN traffic, to talk with each other, doesn't touch the firewall at all. To do FTP all you need is a server type program that runs that protocol on a host/computer, and a client on another host/computer to connect to this server computer. It's been that way for at least 20 years, probably longer, since it's such an old tech.
Or, are you actually talking about something else? A LAN computer trying to FTP out to the internet, or an internet computer trying to FTP into a LAN computer?
Jeff
-
@akuma1x
pfsense is running on a dedicated PC with 200GB HDD, so would like to setup FTP as well, FTP service does not use that much resource anyway.Btw, ignore mac address filtering, I end up using Captive Portal which works perfectly, as long as you allow all remaining devices 1 by 1.
-
If you want to take advantage of that one single computer, you should probably virtualize your pfsense software. Then on a different instance, on the same PC, setup your FTP server stuff.
Jeff
-
It doesn't matter how large the storage in the firewall is, that doesn't make it a good idea to use it as a file server. Use a dedicated device, or virtualize everything on the hardware, but preferably use a different device.
-
Why don't you get a Raspberry Pi and run an FTP service there?
https://www.raspberrypi-spy.co.uk/2018/05/creating-ftp-server-with-raspberry-pi/
Besides making a virtual instance of an FTP server on something you already have, like the 200GB server box you're talking about, this is most likely the next "less expensive" option.
Jeff
-
@akuma1x said in Basic FTP server Package for pfSense:
Why don't you get a Raspberry Pi and run an FTP service there?
https://www.raspberrypi-spy.co.uk/2018/05/creating-ftp-server-with-raspberry-pi/
Besides making a virtual instance of an FTP server on something you already have, like the 200GB server box you're talking about, this is most likely the next "less expensive" option.
Jeff
It's what I do
I'd be tempted to use sftp rather than ftp.
-
@NogBadTheBad said in Basic FTP server Package for pfSense:
I'd be tempted to use sftp rather than ftp.
Well, yes, of course...
His CCTV doo-dads he mentions might or might not support that protocol, however. Who knows.
Jeff
-
@u444665 said in Basic FTP server Package for pfSense:
using Captive Portal which works perfectly, as long as you allow all remaining devices 1 by 1.
Normally ..... a captive portal should be run on a dedicated interface (OPTx).
Everybody on the 'non-trusted' captive portal interface and up to you if they 'merit' a place on a more trusted LAN (OPTy) interface.
Or even LAN - if they are really trustworthy.
