FTP server behind pfSense...



  • Hello..
    Before you tell me that this question has been answered 3 billion times, can you just hear me out?
    First and foremost, I've already read all the topics about FTP and pfSense that you can find on Google; nothing works for me. Literally, when I search for ftp + pfsense all the results that come up are purple..

    No, I cannot use SFTP, encrypted FTP or any other "secure" FTP servers. It is not up to me to decide what options of other FTP servers to use, simply.

    I've tried to use the FTP client proxy and it does not work! I get errors on FileZilla. I came across the NAT/port forwarding method, but the problem is, I don't think the server has an internal IP; it has several network interfaces (8/9), and all of them have a public IP.
    So to my problem, I'm sure you already know what this is about: I want to be able to access the FTP server from the pfSense protected LAN (with a whole other public IP). How can I do this?

    Please do not link me documentation about FTP, active and passive mode. I know what FTP is, I know it is crap because of the security deficiencies, but I'm forced to use an FTP server. The server uses Active mode; I checked that by connecting to it from the CMD.
    Thanks.



  • I think you're probably going to have to put up a sketch of where this FTP server sits in/on your network, where the pfsense box is, where your machine is, and all the ins and outs with network addresses so we can visually see how this network is set up.

    That would help.

    Jeff



  • Give each web server a private IP address on your internal network instead of a public address. Create Virtual IPs for each public IP these web servers used to use, and then NAT each one to its internal address.


  • Banned



  • @akuma1x It is not on my network. Think like this: you have an FTP server in your company in Europe, but you work from home in the US, and you have pfSense protecting your home network, but you want to access the FTP server in Europe. (It is not the best example hehe) But anyway, here is a sketch I made. Let's say I'm at PC2 and want access to the FTP server.
    [Attached image: 0_1551973581812_Network.png]
    Thank you for your time!



  • So you're just the FTP client? This should work without any problem if they have their end configured properly. There is nothing you can do on your end. FTP_Client_Proxy is not required for you to use FTP client software behind pfSense except under certain circumstances.

    What is the actual problem you are seeing? Any error messages? I think you managed to confuse everyone and we all thought you were on the server end, trying to NAT them out to WAN.



  • @PhilipPutrus Can you get to any other FTP servers out on the internet? Like this one, as an example:

    ftp://speedtest.tele2.net/

    Download one of the smaller sample files there and tell us if it works ok. I don't think they have any valid data in them, just sample zip files.

    Jeff



  • @kom hahha I'm sorry for confusing you, I myself am confused after all the articles I have read.
    Yes, I'm just the FTP client.
    Me too, I thought I did not need to do much besides setting up rules that allow FTP packets, because I'm just a client. What do you mean by "if they have their end configured properly"? I also have a Zyxel firewall. If I remove pfSense and plug in the Zyxel firewall, I only need to set up a pass rule for FTP and it works perfectly. So how could it be that the server configuration is messed up?
    FileZilla connects to the server, but gets stuck at "Listing directory "bla bla bla".
    It might be worth mentioning that I managed to connect from the pfSense firewall itself, using commands, but a network client cannot.
    Thanks for your time.



  • @akuma1x
    I'll try it tomorrow, then provide you with the status. Thank you :)



  • @philipputrus said in FTP server behind pfSense...:

    and plug in the Zyxel firewall, I only need to set up a pass rule for FTP and it works perfectly.

    What is that pass rule in the Zyxel, can you elaborate? I'm only asking because pfsense can be set up the same (probably not necessary though), but it might be worth a try... It's a really simple LAN to external FTP server firewall rule in pfsense. Again, it's most likely NOT required.

    By the way... are you running any blocking software on your pfsense install - snort, pfblockerNG, other stuff maybe?

    Jeff



  • By default, LAN has an Allow All to Any rule that should literally take care of everything. I don't have any special rules on LAN, and I can ftp to speedtest.tele2.net without any problems whatsoever.

    I also have a Zyxel firewall. If I remove pfSense and plug in the Zyxel firewall, I only need to set up a pass rule for FTP and it works perfectly.

    Yeah it would have been nice to know this from the start. Post your LAN rules so we can see if there is something bogus in there.

    Try to ftp to speedtest.tele2.net and see if it works for you.


  • Netgate Administrator

    @philipputrus said in FTP server behind pfSense...:

    The server uses Active mode; I checked that by connecting to it from the CMD

    For active mode you need to have the client FTP proxy installed and configured. It will not allow the server to open data channels without it.

    Steve
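
An added example, not part of the thread: in active mode the client announces its own address and port in a PORT or EPRT command and the server connects back to it, so behind NAT the announcement carries the LAN address unless a proxy rewrites it. This sketch decodes those commands from a control-channel capture and classifies what the server would see; the function names, sample captures and addresses are constructed for illustration.

```python
import ipaddress
import re

# Ranges a remote FTP server cannot connect back to across the internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
    "fc00::/7", "fe80::/10")]                          # IPv6 ULA, link-local

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})$", re.I)
EPRT_RE = re.compile(r"^EPRT\s+(.)\d\1(\S+?)\1(\d{1,5})\1$", re.I)

def parse_data_endpoint(line):
    """Return (ip, port) announced by PORT (RFC 959) or EPRT (RFC 2428), else None."""
    line = line.strip()
    m = PORT_RE.match(line)
    if m:
        nums = [int(n) for n in m.group(1).split(",")]
        if max(nums) > 255:
            raise ValueError("PORT field out of range: " + line)
        ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
        return ip, nums[4] * 256 + nums[5]      # port = p1*256 + p2
    m = EPRT_RE.match(line)
    if m:
        port = int(m.group(3))
        if port > 65535:
            raise ValueError("EPRT port out of range: " + line)
        return ipaddress.ip_address(m.group(2)), port
    return None

def diagnose(control_lines, client_public_ip):
    """Classify each active-mode announcement as seen from the server side."""
    public = ipaddress.ip_address(client_public_ip)
    findings = []
    for line in control_lines:
        endpoint = parse_data_endpoint(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        if ip == public:
            verdict = "ok"          # announcement matches the address the server sees
        elif any(ip in net for net in NON_ROUTABLE):
            verdict = "unroutable"  # the server's connect-back can never arrive
        else:
            verdict = "mismatch"    # differs from the control connection's source
        findings.append((str(ip), port, verdict))
    return findings

# Constructed control-channel captures (not taken from the thread).
BEFORE_PROXY = ["USER demo", "PORT 192,168,1,50,195,80", "LIST"]
AFTER_PROXY = ["USER demo", "PORT 203,0,113,10,234,96", "LIST"]
```

An "unroutable" verdict on a capture taken on the WAN side matches the symptom of a client that logs in and then hangs at the directory listing.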

