How should FTP work in 2.0?
-
Hi,
How is outgoing FTP supposed to work now? From what I understand there is no userland ftp-proxy anymore.
I can see dropped port 21 packets in my logs, then I allow this connection. After that I see lots of random ports blocked when I try to list directories on FTP servers, so the kernel proxy is not working. Am I doing something wrong?
-
You need to allow the ports on your LAN; on the WAN side it is handled automatically.
-
So basically now I need to open up a hole of a lot of outgoing ports on my LAN side? That is not good. I do not want to open the ports > 35000 or something. That is really insecure, isn't it?
-
No, you open up destination port 21 for the targets.
The kernel will automatically add the required pf rules for allowing the return traffic from port 20.
-
Yeah, and that's what is not working...
I opened up TCP 21 and after that I can see the dropped packets from ports higher > 35000 to the external FTP server. So the kernel proxy is not working...