Netgate Discussion Forum
    Rule for connecting to ftp server outside network

    sadburger

      Hello,

      We have recently started testing pfSense to replace some of our old OpenBSD boxes, rather than just upgrading them to the newer version. So far I am enjoying the ease of use, and configuration utilities in the GUI. However, we have run into one problem in particular – allowing internal clients to access FTP sites that are external to our network.

      I have searched around a lot, and for the most part I can only find posts relating to the opposite: allowing external access to an internal FTP server.

      Our company security policy dictates that we do egress port blocking in addition to ingress, which is what is causing the trouble. If I allow all outbound traffic, things work smoothly, but with pfSense I am not sure how to configure the machine to act as an ftp-proxy. With our old pf firewalls on OpenBSD, this could be achieved with something similar to:

      # Anchors that ftp-proxy fills with per-session NAT and redirect rules
      nat-anchor "ftp-proxy/*"
      rdr-anchor "ftp-proxy/*"
      # Redirect LAN clients' FTP control connections (port 21) to the local ftp-proxy
      rdr pass on $lanif proto tcp from $lanif:network to any port 21 -> 127.0.0.1 port 8021
      # Filter anchor that ftp-proxy fills with pass rules for each data connection
      anchor "ftp-proxy/*"
      # Let LAN clients reach the port the proxy listens on
      pass in quick on $lanif inet proto tcp from $lanif:network to $lanif port 8021

      Don't have a config in front of me, going from some notes and memory, but that should be pretty close.

      There is currently no NAT being done on the pfSense box right now, as it is not the edge firewall for the network but sits between two private segments.

      Any hints?

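The reason strict egress filtering breaks FTP, and the reason the OpenBSD setup above needs ftp-proxy at all, is that the port for each data transfer is negotiated in-band on the control channel (PASV/EPSV replies from the server, PORT/EPRT commands from the client), so a rule that only allows outbound TCP/21 never sees the data connection. ftp-proxy reads the control channel and loads a matching rule into its anchor for each transfer. The script below is an added illustration of that mechanism, not code from the post or from ftp-proxy: it parses the four control-channel messages that carry a data port, refuses a negotiated address that does not belong to the peer that sent it (a check a proxy should make before opening a hole in an egress filter), and renders the pass rule such a helper would insert. The IP addresses, control-channel lines and the `$lanif` macro are constructed sample values; the rendered pf syntax is illustrative rather than ftp-proxy's exact output.

```python
"""Derive the per-transfer pf rule an FTP helper needs from control-channel
lines.  Sample addresses and lines are constructed for illustration."""
import re
from dataclasses import dataclass
from typing import Optional

# Server replies announcing a passive data port (RFC 959 PASV, RFC 2428 EPSV).
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")
# Client commands announcing an active data port (RFC 959 PORT, RFC 2428 EPRT).
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")
EPRT_RE = re.compile(r"^EPRT \|1\|(\d{1,3}(?:\.\d{1,3}){3})\|(\d{1,5})\|\s*$")


@dataclass(frozen=True)
class DataConn:
    mode: str    # "passive": client opens it; "active": server opens it
    src: str     # address that opens the data connection
    dst: str     # address it is opened to
    dport: int   # destination port negotiated on the control channel


def _decode(nums) -> Optional[tuple]:
    """Turn the h1,h2,h3,h4,p1,p2 tuple of PASV/PORT into (host, port)."""
    h1, h2, h3, h4, p1, p2 = (int(x) for x in nums)
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def data_connection(line: str, sender: str, client_ip: str,
                    server_ip: str) -> Optional[DataConn]:
    """Inspect one control-channel line from `sender` ("client" or "server")
    and return the data connection it announces, or None.  An announced
    address that is not the sender's own is rejected rather than honoured."""
    line = line.rstrip("\r\n")
    if sender == "server":
        m = PASV_RE.match(line)
        if m:
            decoded = _decode(m.groups())
            if decoded is None or decoded[0] != server_ip:
                return None
            return DataConn("passive", client_ip, server_ip, decoded[1])
        m = EPSV_RE.match(line)
        if m and 0 < int(m.group(1)) < 65536:
            return DataConn("passive", client_ip, server_ip, int(m.group(1)))
        return None
    if sender == "client":
        m = PORT_RE.match(line)
        if m:
            decoded = _decode(m.groups())
            if decoded is None or decoded[0] != client_ip:
                return None
            return DataConn("active", server_ip, client_ip, decoded[1])
        m = EPRT_RE.match(line)
        if m and m.group(1) == client_ip and 0 < int(m.group(2)) < 65536:
            return DataConn("active", server_ip, client_ip, int(m.group(2)))
        return None
    raise ValueError("sender must be 'client' or 'server'")


def pf_rule(conn: DataConn, lanif: str = "$lanif") -> str:
    """Render the pass rule a helper would load into its anchor for this one
    transfer, as seen on the LAN interface: a passive transfer enters the
    firewall from the client, an active one leaves it toward the client."""
    direction = "in" if conn.mode == "passive" else "out"
    return (f"pass {direction} quick on {lanif} inet proto tcp "
            f"from {conn.src} to {conn.dst} port {conn.dport} flags S/SA keep state")


if __name__ == "__main__":
    # Constructed session: LAN client 10.0.0.5 talking to server 192.0.2.10.
    session = [
        ("server", "220 FTP server ready.\r\n"),
        ("client", "PORT 10,0,0,5,4,1\r\n"),
        ("server", "227 Entering Passive Mode (192,0,2,10,195,80).\r\n"),
        ("server", "227 Entering Passive Mode (198,51,100,7,195,80).\r\n"),
    ]
    for who, text in session:
        conn = data_connection(text, who, "10.0.0.5", "192.0.2.10")
        print(text.strip(), "->", pf_rule(conn) if conn else "(no rule)")
```

The third PASV line in the constructed session names an address other than the server's and therefore yields no rule; without that check an egress filter could be talked into permitting a connection to an arbitrary host on whatever port the reply names.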