FTP behind pfsense

  • Hello,
    I have a vftp on Ubuntu running. Previously I had a Netgear firewall and all I did was port forward port 21 to the server and it worked. Doesn't work on my new Netgate XG-7100 box with the latest pfsense. Shouldn't it be as simple as the netgear setup? I read all the old posts that go on and on about ftp, but didn't need any of that with the netgear. anyone have any ideas what might be wrong? All my other port forwards work OK.

  • LAYER 8 Global Moderator

    What exactly are you serving up behind your pfsense? Why not use sftp, this would be 1 port and secure!! Why not use webdav or some nice webgui for the users via https, again 1 port.. And not the protocol that should of died 10 some years ago before that 9 year old article linked too was even written ;)

    How about owncloud, or nextcloud, etc. The list goes on an on with better, faster more secure ways to move a file that are way easier to use for your users than some antiquated, depreciated PITA protocol to use when nat is involved..

    Hey when ipv6 becomes the norm you can go back to the 2 channel method of ftp ;) Control and Data..

    In this day an age other than just plain don't know any better there is zero reasons to be using or providing ftp..

    Then again if insist in staying int he past and providing unsecure methods of file transfer - then simple understanding of how the protocol works. Are you passive or active and simple config and your up and running....

  • @johnpoz I am supporting a legacy system that custom accesses the files in code to bring down documents. The old language used does not support anything but ftp. I am rewriting it and will look at other solutions. For now, 24 remote office locations and 40 desktops, can't fool around.

    I use vsftp. Other FTP server programs will have settings that need to change just like this, you need to find them and set them on the FTP server config.

    I fixed it like this:
    On a Ubuntu linux server running vsftp
    To enable passive mode, set the following configuration options in your vsftp.conf:

    pasv_max_port=30099 (Any port range you want to try)
    pasv_address=(Fixed Internet facing IP address)

    Then open these ports in pfsense to the server under the NAT menu
    Port forward 21 to the ftp server
    port forward the same range from the settings above to the ftp server
    30000 to 30099

Log in to reply