Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP not working

    NAT
    4
    6
    133
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      anakaoka
      last edited by

      We replaced a cisco asa with a netgate pfsense, but its not supporting the FTP.

      https://www.john.geek.nz/2009/10/iis-6-ftp-when-passiveportrange-doesnt-work/#:~:text=IIS%206.0%20by%20default%20uses,of%20ports%20to%20be%20used

      Without touching the server we have to do this:
      https://docs.netgate.com/pfsense/en/latest/nat/setup-ftp-server-behind-pfsense.html

      Is there a better way?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        @anakaoka said in FTP not working:

        Is there a better way?

        Sure there is - stop using antiquated protocol like ftp ;) Just use sftp. Its secure, its supported by everything these days.. Shoot even current windows comes with sftp client and even sftp server. No need to deal with control and data channels and active or passive.. its just 1 single port.

        There is a helper package for clients behind pfsense wanting to use active connections to servers out on the public. But if your going to use a server behind pfsense, that clients out on the internet are going to be accessing. Then yes you would have to forward the passive ports that would be used by the ftp server, and you would have to make sure that the ftp server hands out the public IP for the passive connections back to it.

        If your server is going to only allow active connections, then you just need to make sure it can be let out to whatever ports it might be told to connect too.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 23.05.1 | Lab VMs CE 2.6, 2.7

        1 Reply Last reply Reply Quote 0
        • A
          anakaoka
          last edited by

          Actually it looks like if you are running IIS 6.0 you can't set your public IP and it wont work even with 1:1 NATs. - so you need an ASA for fixup. And yes, the better question is why is someone running IIS 6.0.

          N 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Yeah for sure IIS 6 - uggghhhh...

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 23.05.1 | Lab VMs CE 2.6, 2.7

            1 Reply Last reply Reply Quote 1
            • N
              Napsterbater @anakaoka
              last edited by

              @anakaoka
              I have LONG LONG abandoned IIS FTP.

              I have used Filezilla FTP Server for quite awhile Though it has no capability to use AD/LDAP for user auth.

              But it does support Implicit and Explicit TLS for FTP, Passive and Active FTP and IPv6.

              For Passive FTP, just configure a range of Ports and forward those the to server, and configure the External IP in the Server settings.

              Raffi_R 1 Reply Last reply Reply Quote 0
              • Raffi_R
                Raffi_ @Napsterbater
                last edited by

                @Napsterbater said in FTP not working:

                @anakaoka
                I have LONG LONG abandoned IIS FTP.

                I have used Filezilla FTP Server for quite awhile Though it has no capability to use AD/LDAP for user auth.

                But it does support Implicit and Explicit TLS for FTP, Passive and Active FTP and IPv6.

                For Passive FTP, just configure a range of Ports and forward those the to server, and configure the External IP in the Server settings.

                Second this ^
                Filezilla was my solution for a while also. It worked great and did exactly this with a range of passive FTP ports. Eventually ditched that Windows system and created a FreeNAS server with secure FTP access similar to the Filezilla. FreeNAS is pretty awesome stuff.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post