• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

FTP not working

Scheduled Pinned Locked Moved NAT
6 Posts 4 Posters 462 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    anakaoka
    last edited by Jul 28, 2020, 6:02 PM

    We replaced a cisco asa with a netgate pfsense, but its not supporting the FTP.

    https://www.john.geek.nz/2009/10/iis-6-ftp-when-passiveportrange-doesnt-work/#:~:text=IIS%206.0%20by%20default%20uses,of%20ports%20to%20be%20used

    Without touching the server we have to do this:
    https://docs.netgate.com/pfsense/en/latest/nat/setup-ftp-server-behind-pfsense.html

    Is there a better way?

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz Jul 28, 2020, 7:09 PM Jul 28, 2020, 7:07 PM

      @anakaoka said in FTP not working:

      Is there a better way?

      Sure there is - stop using antiquated protocol like ftp ;) Just use sftp. Its secure, its supported by everything these days.. Shoot even current windows comes with sftp client and even sftp server. No need to deal with control and data channels and active or passive.. its just 1 single port.

      There is a helper package for clients behind pfsense wanting to use active connections to servers out on the public. But if your going to use a server behind pfsense, that clients out on the internet are going to be accessing. Then yes you would have to forward the passive ports that would be used by the ftp server, and you would have to make sure that the ftp server hands out the public IP for the passive connections back to it.

      If your server is going to only allow active connections, then you just need to make sure it can be let out to whatever ports it might be told to connect too.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • A
        anakaoka
        last edited by Jul 28, 2020, 9:52 PM

        Actually it looks like if you are running IIS 6.0 you can't set your public IP and it wont work even with 1:1 NATs. - so you need an ASA for fixup. And yes, the better question is why is someone running IIS 6.0.

        N 1 Reply Last reply Aug 3, 2020, 7:52 PM Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Jul 28, 2020, 10:01 PM

          Yeah for sure IIS 6 - uggghhhh...

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 1
          • N
            Napsterbater @anakaoka
            last edited by Aug 3, 2020, 7:52 PM

            @anakaoka
            I have LONG LONG abandoned IIS FTP.

            I have used Filezilla FTP Server for quite awhile Though it has no capability to use AD/LDAP for user auth.

            But it does support Implicit and Explicit TLS for FTP, Passive and Active FTP and IPv6.

            For Passive FTP, just configure a range of Ports and forward those the to server, and configure the External IP in the Server settings.

            R 1 Reply Last reply Aug 3, 2020, 8:40 PM Reply Quote 0
            • R
              Raffi_ @Napsterbater
              last edited by Aug 3, 2020, 8:40 PM

              @Napsterbater said in FTP not working:

              @anakaoka
              I have LONG LONG abandoned IIS FTP.

              I have used Filezilla FTP Server for quite awhile Though it has no capability to use AD/LDAP for user auth.

              But it does support Implicit and Explicit TLS for FTP, Passive and Active FTP and IPv6.

              For Passive FTP, just configure a range of Ports and forward those the to server, and configure the External IP in the Server settings.

              Second this ^
              Filezilla was my solution for a while also. It worked great and did exactly this with a range of passive FTP ports. Eventually ditched that Windows system and created a FreeNAS server with secure FTP access similar to the Filezilla. FreeNAS is pretty awesome stuff.

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received