How should FTP work in 2.0?



  • Hi,

    How is outgoing FTP supposed to work now? From what I understand there is no userland ftp-proxy anymore.
    I can see dropped port 21 packets in my logs, then I allow this connection. After that I see lots of random ports blocked when I try to list directories on FTP servers, so the kernel proxy is not working. Am I doing something wrong?



  • You need to allow the ports on your LAN; on the WAN side it is handled automatically.



  • So basically now I need to open up a hole of a lot of outgoing ports on my LAN side? That is not good. I do not want to open the ports > 35000 or something. That is really insecure, isn't it?



  • No, you open up destination port 21 for the targets.

    The kernel will automatically add the required pf rules for allowing the return traffic from port 20.



  • Yeah, and that's what is not working...

    I opened up TCP 21 and after that I can see the dropped packets from ports > 35000 to the external FTP server. So the kernel proxy is not working...
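An added example, not part of the thread and not pfSense code: a sketch of what any FTP-aware firewall helper has to do, namely read the control channel on port 21 to learn which data connection to permit. In active mode (`PORT`) the server connects back from port 20, as the reply above describes; in passive mode (reply `227`) the client opens an outbound connection to a high port on the server. The function names, addresses and sample lines are constructed for illustration, and the sketch assumes no NAT rewriting of the addresses in the control channel.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def _endpoint(text):
    """Decode an (ip, port) pair; port = p1 * 256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_flow(line, client_ip, server_ip):
    """Return the one data connection a helper should permit, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        ep = _endpoint(line[5:])
        # Only accept the control-connection client as data endpoint.
        if ep is None or ep[0] != client_ip:
            return None
        return {"mode": "active", "src": (server_ip, 20), "dst": ep}
    if line.startswith("227"):
        ep = _endpoint(line[3:])
        # Only accept the control-connection server as data endpoint.
        if ep is None or ep[0] != server_ip:
            return None
        # Client source port is ephemeral, so it is left unspecified.
        return {"mode": "passive", "src": (client_ip, None), "dst": ep}
    return None

# Constructed control-channel lines (documentation addresses).
SAMPLE = [
    "PORT 192,168,1,10,195,80",
    "227 Entering Passive Mode (203,0,113,5,137,2)",
    "LIST",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", expected_data_flow(entry, "192.168.1.10", "203.0.113.5"))
```

Without this kind of tracking, permitting passive-mode transfers requires a static rule for the whole high-port range, which is the broad opening the thread is trying to avoid.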

