OUTBOUND FTP RULES?



  • Hello
    I need to connect from my private LAN to an external FTP server. I think it does not support active connection.
    Do I have to set particular rules on my LAN pfsense firewall?
    I tried disabling both userland ftp proxy application in LAN and WAN
    pfsense 1.2, thanks in advance!



  • Let's say you have booted from the livecd with its default values, there really shouldn't be any problem unless the ftp site has a long welcome message.
    http://devwiki.pfsense.org/FTPTroubleShooting
    http://forum.pfsense.org/index.php/topic,7001.0.html



  • The only differences are that I am using squid and squidGuard
    I tried both disabled but it does not work anyway in passive ftp mode (hangs on ls command)
    I am behind a 3com router and lan is configured as:

    dynamic IP by provider on 3COM 3CRWDR101A-75
    192.168.111.254 dmz on 3COM 3CRWDR101A-75

    192.168.111.168 pfsense 1.2 WAN
    10.0.0.2 pfsense 1.2 LAN

    10.0.0.x myLAN

    MY NAT and RULES:

    WAN NAT
    WAN  TCP  3389 (MS RDP)  Server (ext.: 192.168.111.168)  3389 (MS RDP) RDP   
    WAN  TCP  80 (HTTP)        Server (ext.: 192.168.111.168)  80 (HTTP) HTTP   
    WAN  TCP  443 (HTTPS)     Server (ext.: 192.168.111.168)  443 (HTTPS) HTTPS

    LAN rules
    *  LAN net  *  *  *  *     Default LAN -> any

    WAN rules
       TCP  *  *  Server  3389 (MS RDP)  *     NAT Server RDP     
       TCP  *  *  WAN address  543  *     outside pfsense admin PORT 543     
       TCP  *  *  Server  80 (HTTP)  *     NAT Server HTTP     
       TCP  *  *  Server  443 (HTTPS)  *     NAT Server HTTPS

    Active mode works, passive mode no… help...



  • I had a similar problem recently.  My brother was having issues with Netflix and other internet issues.  We found out that he was behind a second firewall.

    DSL - 67.xxx.xxx.xxx internal 192.168.2.1  the internal Router 192.168.2.1 internal network 192.168.1.1

    We ended up bridging the network, I bridged the DSL to the Linksys router.  I took the middle tier out.  That seemed to have resolved most of their issues.

    In a different case I had to do the following:
    On PFSense I created firewall rules to expose my internal network to the DMZ then on the External device.  Then created rules there to allow the traffic through the external router.

    The biggest issue I have is that you now are managing multiple rule sets.  You will need to make sure that you have reservations set or static addresses set for the internal FTP and make sure that they match up on the out firewall rule set.

    RC



  • :) :) :) :)
    I changed LAN settings on router (enabled dhcp server) and WAN settings on pfsense (to DHCP client), now it works! GREAT!
    Would like to know what the real problem was … maybe MTU or something on the route?
    Thank you all guys!

