Basic FTP server Package for pfSense
-
Is there any basic ftp server package for pfsense possible, please?
I know in some old post their was a way to manually install it, but not possible with new v2.4 version.
http://rasyid.net/2009/12/15/step-by-step-install-pure-ftp-inside-pfsense/Please devs, if that is not too much to ask for basic ftp server package for 2.4.4
Thanks -
For the firewall to act as an FTP server? No, never going to happen.
The firewall is a firewall, not a file server. FTP is a broken and insecure protocol, even with tacked-on things like FTPS.
That said, you could enable SSH and users could connect with SCP/SFTP, but that should not be exposed to the public because, again, it's a firewall and not a file server.
If you need a file server, virtualize it inside your network or isolate it on a dedicated device like a Pi. But if at all possible, avoid FTP like the plague it is.
-
@jimp said in Basic FTP server Package for pfSense:
For the firewall to act as an FTP server? No, never going to happen.
The firewall is a firewall, not a file server. FTP is a broken and insecure protocol, even with tacked-on things like FTPS.
That said, you could enable SSH and users could connect with SCP/SFTP, but that should not be exposed to the public because, again, it's a firewall and not a file server.
If you need a file server, virtualize it inside your network or isolate it on a dedicated device like a Pi. But if at all possible, avoid FTP like the plague it is.
Sorry, I wanted to clarify further. FTP for inside only (LAN side), not on WAN (public).
Many LoT & other devices support FTP uploads, like CCTV alerts etc that get uploaded to the FTP.I am sure by default package only allows source as internal subnet/private IP.
Thanks
-
That is still dangerous and not something that belongs on a firewall.
-
On side note, want to know how do I filter outgoing traffic by mac address. I have some devices that try to connect to outside, but want to prevent it.
IP blocking is not possible as IP address changes all the time... its long story. (DHCP reservation/static does will not work)If you are aware of way to block outgoing traffic by MAC, please let me know the steps, could not find it.
-
That's a topic for a new thread as it's unrelated to this subject.
-
@u444665 said in Basic FTP server Package for pfSense:
Sorry, I wanted to clarify further. FTP for inside only (LAN side), not on WAN (public).
Many LoT & other devices support FTP uploads, like CCTV alerts etc that get uploaded to the FTP.If it is in fact internal, inside LAN only, like you posted above, you don't need to run anything on your firewall. All internal LAN traffic, to talk with each other, doesn't touch the firewall at all. To do FTP all you need is a server type program that runs that protocol on a host/computer, and a client on another host/computer to connect to this server computer. It's been that way for at least 20 years, probably longer, since it's such an old tech.
Or, are you actually talking about something else? A LAN computer trying to FTP out to the internet, or an internet computer trying to FTP into a LAN computer?
Jeff
-
@akuma1x
pfsense is running on a dedicated PC with 200GB HDD, so would like to setup FTP as well, FTP service does not use that much resource anyway.Btw, ignore mac address filtering, I end up using Captive Portal which works perfectly, as long as you allow all remaining devices 1 by 1.
-
If you want to take advantage of that one single computer, you should probably virtualize your pfsense software. Then on a different instance, on the same PC, setup your FTP server stuff.
Jeff
-
It doesn't matter how large the storage in the firewall is, that doesn't make it a good idea to use it as a file server. Use a dedicated device, or virtualize everything on the hardware, but preferably use a different device.
-
Why don't you get a Raspberry Pi and run an FTP service there?
https://www.raspberrypi-spy.co.uk/2018/05/creating-ftp-server-with-raspberry-pi/
Besides making a virtual instance of an FTP server on something you already have, like the 200GB server box you're talking about, this is most likely the next "less expensive" option.
Jeff
-
@akuma1x said in Basic FTP server Package for pfSense:
Why don't you get a Raspberry Pi and run an FTP service there?
https://www.raspberrypi-spy.co.uk/2018/05/creating-ftp-server-with-raspberry-pi/
Besides making a virtual instance of an FTP server on something you already have, like the 200GB server box you're talking about, this is most likely the next "less expensive" option.
Jeff
It's what I do
I'd be tempted to use sftp rather than ftp.
-
@NogBadTheBad said in Basic FTP server Package for pfSense:
I'd be tempted to use sftp rather than ftp.
Well, yes, of course...
His CCTV doo-dads he mentions might or might not support that protocol, however. Who knows.
Jeff
-
@u444665 said in Basic FTP server Package for pfSense:
using Captive Portal which works perfectly, as long as you allow all remaining devices 1 by 1.
Normally ..... a captive portal should be run on a dedicated interface (OPTx).
Everybody on the 'non-trusted' captive portal interface and up to you if they 'merit' a place on a more trusted LAN (OPTy) interface.
Or even LAN - if they are really trustworthy.
