Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to get access to FTP from internet?

    Scheduled Pinned Locked Moved NAT
    4 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cluka23
      last edited by

      Hi
      I have this setup…

      1. pfSense Rc1 Pc with 2 Nics.
          Lan: 192.168.0.3
          Wan: 192.168.100.2
      2. FTP Server: 192.168.0.1

      How to setup pfSense to get access to my ftp server from Internet?

      I can go out to internet but from internet In I can't go.

      Please Help

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Create a portforward (firewall>NAT, portforward in the webgui) of port 21 from the WAN interface to the internal host running the ftp service. Make sure "autocreate firewallrule" es checked when hitting save (it is checked by default, so don't turn it off). Turn on the ftp-helper at Interfaces>WAN (it's a checkbox on that page).

        1 Reply Last reply Reply Quote 0
        • C
          cluka23
          last edited by

          Thanks.

          I have done this and it didnt work.
          Then I went to firewall rules page -> Wan and there were 2 entryes.

          1. With destination 192.168.0.1 and port 21 and other fields set to *
          2. With destination set to blanks and port 21 and other fields set to *

          Then I entered the seccond rule and saw that destination was set to Network and Netmask set to 31 but I am using 24!!! (Why? I dont know)

          I just changed this to any, and now all seems to work ok.

          Can Somebody explain me (I am just curios) why the Nat -> portforwarding makes two firewall rules, and can somebody explain this two rules to me. Please.  :D

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            The ftphelper is a proxy server that opens up dynamically firewall ports by investigating the control connection of the ftp session when a client and the server communicates. it lives at the firewall itself, so traffic to this destination has to be allowed too. If it wasn't there you had to port forward the additional portrange your server is using and/or use passive/active mode for your connections.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.