How should FTP work in 2.0?
How is outgoing FTP supposed to work now? From what I understand there is no userland ftp-proxy anymore.
I can see dropped port 21 packets in my logs, then I allow this connection. After that I see lots of random ports blocked when I try to list directories on FTP servers, so the kernel proxy is not working. Am I doing something wrong?
eri--
You need to allow the ports on your LAN; on the WAN side it is handled automatically.
So basically now I need to open up a hole of a lot of outgoing ports on my LAN side? That is not good. I do not want to open the ports > 35000 or something. That is really insecure, isn't it?
databeestje
No, you open up destination port 21 for the targets.
The kernel will automatically add the required pf rules for allowing the return traffic from port 20.
Yeah, and that's what is not working…
I opened up TCP 21 and after that I can see the dropped packets from ports higher than 35000 to the external FTP server. So the kernel proxy is not working...
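Added example, not written by any poster in this thread: FTP negotiates each data connection on the port 21 control channel (RFC 959 `PASV`/`PORT`, RFC 2428 `EPSV`), so a firewall helper has to read those messages to know which extra connection to allow. The sketch below decodes them from a constructed transcript; the addresses, ports and function names are assumptions for illustration.

```python
import re

# Constructed control-channel transcript (documentation addresses, not from the thread).
# "C" = sent by the LAN client, "S" = sent by the FTP server.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
TRANSCRIPT = [
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,137,12)"),
    ("C", "LIST"),
    ("C", "EPSV"),
    ("S", "229 Entering Extended Passive Mode (|||40211|)"),
    ("C", "PORT 192,0,2,10,195,80"),
]

HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
EPSV = re.compile(r"\(\|\|\|(\d+)\|\)")

def _decode(text):
    """Decode RFC 959 h1,h2,h3,h4,p1,p2 into (ip, port); port = p1*256 + p2."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None  # malformed octet: ignore rather than guess
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_flow(sender, line, client=CLIENT, server=SERVER):
    """Return (mode, src_ip, dst_ip, dst_port) for the data connection, or None."""
    if sender == "S" and line.startswith("227"):
        hp = _decode(line)  # passive: client dials the port the server announced
        return ("passive", client, hp[0], hp[1]) if hp else None
    if sender == "S" and line.startswith("229"):
        m = EPSV.search(line)  # extended passive: port only, same server address
        return ("passive", client, server, int(m.group(1))) if m else None
    if sender == "C" and line.upper().startswith("PORT "):
        hp = _decode(line)  # active: server dials back to the client, from port 20
        return ("active", server, hp[0], hp[1]) if hp else None
    return None

def expected_flows(transcript):
    """Every data connection a stateful helper would have to allow for this session."""
    return [f for s, l in transcript if (f := data_flow(s, l))]

if __name__ == "__main__":
    for flow in expected_flows(TRANSCRIPT):
        print(flow)
```

Comparing the decoded destination ports with the blocked entries in the firewall log shows whether the drops are passive-mode data connections (LAN client to a high server port) or active-mode ones (server port 20 back to the client).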