Rule for connecting to ftp server outside network

NAT
Log in to reply
  • S

    Hello,

    We have recently started testing pfSense to replace some of our old OpenBSD boxes, rather than just upgrading them to the newer version. So far I am enjoying the ease of use, and configuration utilities in the GUI. However, we have run into one problem in particular – allowing internal clients to access FTP sites that are external to our network.

    I have searched around a lot, and for the most part I can only find posts relating to the opposite-- allowing external access to an internal FTP server.

    Our company security policy dictates that we do egress port blocking in addition to ingress, which is what is causing the trouble. If I allow all outbound traffic, things work smoothly, but with pfSense I am not sure how to configure the machine to act as an ftp-proxy. With our old pf firewalls on OpenBSD, this could be achieved with something similiar to:

    nat-anchor "ftp-proxy/"
    rdr-anchor "ftp-proxy/    "
    rdr pass on $lanif proto tcp from $lanif:network to any port 21 -> 127.0.0.1 port 8021
    pass in quick on $lanif inet proto tcp $lanif:network to $lanif port 8021

    Don't have a config in front of me, going from some notes and memory, but that should be pretty close

    There is currently no NAT being done on the pfSense box right now, as it is not the edge firewall for the network but sits between two private segments.

    Any hints?

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy