FTP not working. NAT rules setup like I did with other ports except using port 21 and it's not working.
-
@JLundberg said in FTP not working. NAT rules setup like I did with other ports except using port 21 and it's not working.:
@Derelict
Are you saying I will need to make changes to my current FTP server settings? So, pfsense can't be set up to function just like the older SonicWall? I may have misunderstood and sorry if I did.
I don't know how to explain it any clearer than I already did.
The sonicwall might have had some ALG that overcame misconfiguration of the server like something that translated the passive address sent by the server to the WAN address. pfSense has no such ALG.
-
I was hoping for a drop-in replacement (after correct setup) to replace the current SonicWall. pfsense seems to be more capable (not in my hands though... Crap I did want to spend my whole day here :(
-
@JLundberg If there is ever a read-only Friday it is Friday, July 3. Second only to Friday December 23 probably.
-
SonicWall is not equal to pfSense
therefore we use
-
@Derelict
Understand. Yep I wanted to spend more time with my son. Single dad here. Thanks for your help. I'll continue to go over what you and the others have said.
-
the best you can do......
"I wanted to spend more time with my son."
Have a nice weekend
-
@Derelict
Yes I know you are explaining it clearly and I thank you for that. I wish I had more training to understand the clear things spoken of. Thanks again. I'll do some searching to try and understand more on if there was something like an ALG that made the SonicWall FTP easier to set up (but overall the sonicwall not having all the abilities like pfsense). I thank you.
-
Hello!
My experience with sonicwall tz's is that they dynamically open ports to support ftp.
"SonicWall overcomes this problem by actively scanning FTP traffic using DPI and dynamically opening ports required for clients to connect to the server. This way, only the Control port, TCP port 21, requires to be explicitly opened in the SonicWall."
https://www.sonicwall.com/support/knowledge-base/configuration-for-a-passive-mode-ftp-server-behind-the-sonicwall/170505318942162/
John
-
@serbus
So I need to open explicitly open both or just 20 and leave my FTP NAT settings as they are?
-
@JLundberg said in FTP not working. NAT rules setup like I did with other ports except using port 21 and it's not working.:
So I need to open explicitly open both or just 20 and leave my FTP NAT
Port 20 never needs to be forwarded, it will only ever be a source port in an active session..
To correctly setup ftp behind a nat firewall, you need to understand how it works to be honest.
Here is a great write up..
https://slacksite.com/other/ftp.html
-
Hello!
FTP without the dynamic port forwarding was too much of a burden. I converted everything (Win servers, NAS, webops, clients, scripts, etc...) over to sftp. Security beyond basic src ip restrictions was never a concern for these particular ftp transfers, but the move to sftp was definitely on the todo list and the upgrades from sonicwalls -> netgates were the catalyst.
John