Hello There ! I need your suggestion



  • Hi there,
    I have two different networks, and need to transfer data from one network to another using FTP/SFTP. Is a firewall required? If not, what can be the alternate way?


  • Rebel Alliance Developer Netgate

    There isn't enough information here to give a proper answer.

    • Are these networks at the same location, or different locations?
    • How are they connected currently, if they are connected at all?
    • If you do not have a firewall already, what is there now?
    • Is the data you are trying to transfer sensitive/secret in some way?
    • Is supporting FTP a requirement, or can it always be SFTP/SCP?


  • Reply:
    @jimp said in Hello There ! I need your suggestion:

    Are these networks at the same location, or different locations?
    : Same location (FTP server is at a different location), both these networks must not be connected on cloud. The network from which data needs to be transferred will be using passive mode of FTP.
    How are they connected currently, if they are connected at all?
    : Not connected.
    If you do not have a firewall already, what is there now?
    : Windows firewall and Antivirus
    Is the data you are trying to transfer sensitive/secret in some way?
    : Sensitive
    Is supporting FTP a requirement, or can it always be SFTP/SCP?
    : FTP (preferred as it doesn't require installing any third-party software like WinSCP, FileZilla)


  • Rebel Alliance Global Moderator

    @rtshbrd said in Hello There ! I need your suggestion:

    : FTP (preferred as it doesn't require installing any third-party software like WinSCP, FileZilla)

    Are you going to use the built-in ftp.exe of Windows? It only does active.

    using passive mode of ftp.

    Then on the server side, you need to forward the passive ports the server will be using, and make sure the FTP server actually gives out its public IP vs its local RFC1918 address if on NAT.

    On the client side with passive there is zero to do unless you're filtering ports outbound at the client side. If so, then you would have to allow the ports the passive FTP server is going to be using.

    You know what requires ZERO setup on the client side - a web interface to move files. Since users are really going to be too stupid normally to use ftp.exe on Windows. And browser and FTP normally BLOW unless it's a simple download from a URL.. Which might as well just be served up with HTTP if that is the case.


  • Rebel Alliance Developer Netgate

    @rtshbrd said in Hello There ! I need your suggestion:

    Reply:
    @jimp said in Hello There ! I need your suggestion:

    Is the data you are trying to transfer sensitive/secret in some way?
    : Sensitive
    Is supporting FTP a requirement, or can it always be SFTP/SCP?
    : FTP (preferred as it doesn't require installing any third-party software like WinSCP, FileZilla)

    If the data is sensitive, you should not be using FTP. FTP is transmitting your login credentials and the content of the files in the clear without encryption.

    If you must use FTP, then maybe you could set up a VPN between the sites. But if you have a VPN between the sites, you could also just throw the files across Windows shares or some other transfer method.

    FTP is awful.


  • Rebel Alliance Global Moderator

    @jimp said in Hello There ! I need your suggestion:

    FTP is awful.

    And should have died off 10-some years ago at the latest - that we still have threads about it like daily is just freaking NUTS!!!

    If you have idiot users you have to cater to - then fire up a Nextcloud or ownCloud install or any of the other web-based GUI interfaces to file transfer so they can click on shiny buttons and get the files you need back and forth.. Which would be hands down more secure than FTP - since you can do it all via HTTPS.