Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to set up FTP? (client behind pfSense, active mode)

    NAT
    3
    4
    7.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • e4chE
      e4ch
      last edited by

      I understand how FTP works in all modes (see http://slacksite.com/other/ftp.html) and I have the following scenario:
      I want all clients on the LAN to be able to connect to random FTP servers on the Internet, mainly to download software, usually not even a login is required. Mostly by following links on web pages.
      I do understand that FTP is an old technology and should no longer be used, but unfortunately it is.
      When following links in browsers, I assume we are talking about Active FTP here. If I'm wrong, let me know.
      Passive FTP would work "out-of-the-box", but not with browsers and not when all upper ports are closed by default, so that's not an option.
      My previous router with DD-WRT supported this without configuring anything (maybe the browser was switching to passive FTP and of course outgoing traffic is always open there).
      Then I had a ZyWALL, where I had to enable FTP ALG to get this working.
      Now I have pfSense and don't know how to configure this. I understand that older versions had FTP ALG, but this is no longer included or something.
      I heard there are "packages" to install this FTP proxy. I know FTP is crap, but as long as it is used (=forever) pfSense should provide some support for it.
      The help page for this (https://doc.pfsense.org/index.php/FTP_without_a_Proxy) also doesn't tell anything how to set this up (except "will not work"). There's a link to a command-line tool though. Is there any documentation on how to set this up? I mean this must be something that everyone needs, so it should be fairly common. I see a lot of questions, but no real answers to this.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Look at the FTP Client Proxy package.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • e4chE
          e4ch
          last edited by

          @Derelict:

          Look at the FTP Client Proxy package.

          Thanks for your reply Derelict. Unfortunately I already knew that I probably needed to install a package or something (see my question). As I'm new to pfSense, I was looking for instructions. Anyway, after some more hours of googling, I found the solution myself. For anyone else reading this thread, here's the solution. It always is easy or even trivial after you know the solution.

          I found the thread https://forum.pfsense.org/index.php?topic=89841.0 where user jimp in this forum explains that he implemented this package. The link goes to GitHub (https://github.com/pfsense/pfsense-packages/commit/a868b2522ef865f117c892a07ae3507686783ff3), to a specific commit, and the post is from 2015, but looking at the GitHub repository, there are 12112 commits, with the latest from 12 Oct 2015.
          Anyway, there is no need to work with GitHub, or compile anything, here are the simple instructions:

          1. Remove all FTP-related firewall rules you have already added while trying around.
          2. In pfSense, go to System / Package Manager / Available Packages and install "FTP_Client_Proxy"
          3. Go to Services / FTP Client Proxy and select the following options:

          • Check "Enable the FTP Proxy"
          • Local Interface = LAN
          • Check "Early Firewall Rule" (only if you have a "block all" rule at the end)
          • Save

          I tested with pfSense version 2.4.2-RELEASE-p1 (amd64) and it works fine from the browser.

          Very simple and straightforward - if you know how.

          G 1 Reply Last reply Reply Quote 3
          • G
            golub @e4ch
            last edited by

            @e4ch Thank you so much for posting this clear, and now I've understood it, simple solution to a problem I was fighting. Saved me a ton of hair pulling!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.