FTP FreeNas and Pfsense firewall issue.

virtualliquid · Mar 8, 2012, 12:20 AM

Ok, I see that a very similar topic is posted here a few times, but I went through all the explained help there and still have not got this to work. I am using PfSense 2.0.1, and freenas version 0.7.5 revision 9898.

I am trying to set up my freenas's ftp to be accessible from outside my network. I can access my ftp just fine on my network by simply opening a browser and typing ..ftp://192.168.1.10…

My freenas box is static on 192.168.1.10, here is some screenshots of what my pfsense rules look like. What am I missing here?

virtualliquid · Mar 8, 2012, 11:50 PM

Nothing? :'(

KrPacMan · Mar 9, 2012, 8:10 AM

On the NAT-rule, should the destination really be the WAN-subnet? Should it not be the LAN subnet?

virtualliquid · Mar 12, 2012, 10:59 PM

@Kr^PacMan:

On the NAT-rule, should the destination really be the WAN-subnet? Should it not be the LAN subnet?

That did not change anything, it still does not work? I have googled the heck out of this problem, and still can not find a solution.. :(

inflamer · Mar 13, 2012, 3:55 PM

Is the FTP server configured for active or passive mode? Are you using FTP Helper?

Depeding on how the FTP server is configured, you might also have to port forward TCP port 20, and/or the passive port range configured on the FTP server (If operating in passive mode).

-Andreas

KrPacMan · Mar 15, 2012, 8:11 AM

As inflamer said, normally you use a port range that is used for passive data transfers. What FTP software are you using?

virtualliquid · Mar 15, 2012, 8:19 PM

@inflamer:

Is the FTP server configured for active or passive mode? Are you using FTP Helper?

Depeding on how the FTP server is configured, you might also have to port forward TCP port 20, and/or the passive port range configured on the FTP server (If operating in passive mode).

-Andreas

I am not sure what mode my ftp server is in, not sure if I have seen this option on freenas, and for ports on the ftp server I even opened all the necessarry ports to the whole network and still same results. As for ftp software, I just want to be able to simply access it via web, click and download necessary files.

inflamer · Mar 15, 2012, 10:20 PM

Documentation for configuring FTP on FreeNAS can be found at http://doc.freenas.org/index.php/FTP.

The settings which you have to make sure are set are:

Masquerade address - Should be set to the public address of your WAN interface
Minimum passive port - Set this to an available highport (larger than 1023) which is not being used for any port forwards, for example 10000
Maximum passive port - Set this to an available highport which is 500 higher than the minimum passive port which you configured, for example 10500

Now what you need to do is to set up port forwards for TCP ports 20 and the 10000-10500 range from your WAN interface to the IP address of your FreeNAS device. Make sure that you also create associated firewall rules to allow this port forwarded traffic.

When you attempt to connect to your FTP server through the WAN interface, make sure that the FTP client you are using is configured to connect in passive (PASV) mode, and everything should work as a treat.

Andreas