How to get access to FTP from internet?
I have this setup…
1. pfSense Rc1 Pc with 2 Nics.
2. FTP Server: 192.168.0.1
How to setup pfSense to get access to my ftp server from Internet?
I can go out to internet but from internet In I can't go.
Create a portforward (firewall>NAT, portforward in the webgui) of port 21 from the WAN interface to the internal host running the ftp service. Make sure "autocreate firewallrule" es checked when hitting save (it is checked by default, so don't turn it off). Turn on the ftp-helper at Interfaces>WAN (it's a checkbox on that page).
I have done this and it didnt work.
Then I went to firewall rules page -> Wan and there were 2 entryes.
1. With destination 192.168.0.1 and port 21 and other fields set to *
2. With destination set to blanks and port 21 and other fields set to *
Then I entered the seccond rule and saw that destination was set to Network and Netmask set to 31 but I am using 24!!! (Why? I dont know)
I just changed this to any, and now all seems to work ok.
Can Somebody explain me (I am just curios) why the Nat -> portforwarding makes two firewall rules, and can somebody explain this two rules to me. Please. :D
The ftphelper is a proxy server that opens up dynamically firewall ports by investigating the control connection of the ftp session when a client and the server communicates. it lives at the firewall itself, so traffic to this destination has to be allowed too. If it wasn't there you had to port forward the additional portrange your server is using and/or use passive/active mode for your connections.