FTP not working

anakaoka · Jul 28, 2020, 6:02 PM

We replaced a cisco asa with a netgate pfsense, but its not supporting the FTP.

https://www.john.geek.nz/2009/10/iis-6-ftp-when-passiveportrange-doesnt-work/#:~:text=IIS%206.0%20by%20default%20uses,of%20ports%20to%20be%20used

Without touching the server we have to do this:
https://docs.netgate.com/pfsense/en/latest/nat/setup-ftp-server-behind-pfsense.html

Is there a better way?

johnpoz · Jul 28, 2020, 7:09 PM

@anakaoka said in FTP not working:

Is there a better way?

Sure there is - stop using antiquated protocol like ftp ;) Just use sftp. Its secure, its supported by everything these days.. Shoot even current windows comes with sftp client and even sftp server. No need to deal with control and data channels and active or passive.. its just 1 single port.

There is a helper package for clients behind pfsense wanting to use active connections to servers out on the public. But if your going to use a server behind pfsense, that clients out on the internet are going to be accessing. Then yes you would have to forward the passive ports that would be used by the ftp server, and you would have to make sure that the ftp server hands out the public IP for the passive connections back to it.

If your server is going to only allow active connections, then you just need to make sure it can be let out to whatever ports it might be told to connect too.

anakaoka · Aug 3, 2020, 7:52 PM

Actually it looks like if you are running IIS 6.0 you can't set your public IP and it wont work even with 1:1 NATs. - so you need an ASA for fixup. And yes, the better question is why is someone running IIS 6.0.

johnpoz · Jul 28, 2020, 10:01 PM

Yeah for sure IIS 6 - uggghhhh...

Napsterbater · Aug 3, 2020, 7:52 PM

@anakaoka
I have LONG LONG abandoned IIS FTP.

I have used Filezilla FTP Server for quite awhile Though it has no capability to use AD/LDAP for user auth.

But it does support Implicit and Explicit TLS for FTP, Passive and Active FTP and IPv6.

For Passive FTP, just configure a range of Ports and forward those the to server, and configure the External IP in the Server settings.

Raffi_ · Aug 3, 2020, 8:40 PM

@Napsterbater said in FTP not working:

@anakaoka
I have LONG LONG abandoned IIS FTP.

I have used Filezilla FTP Server for quite awhile Though it has no capability to use AD/LDAP for user auth.

But it does support Implicit and Explicit TLS for FTP, Passive and Active FTP and IPv6.

For Passive FTP, just configure a range of Ports and forward those the to server, and configure the External IP in the Server settings.

Second this ^
Filezilla was my solution for a while also. It worked great and did exactly this with a range of passive FTP ports. Eventually ditched that Windows system and created a FreeNAS server with secure FTP access similar to the Filezilla. FreeNAS is pretty awesome stuff.