FTPS problem fixed?
-
In the past FTPS didn't work through pfSense, is this only a problem when NAT is enabled or is it a pure firewall problem, independent of the NAT configuration?
Do any FTPS problems exist in pfSense 2.1 at all or was this only a problem in the past?
Any other service causing troubles when used with pfSense?Thanks :-)
-
Did you tried it in active mode using a nat on wan to allow connections from any:20 to your ftp server ????
-
I currently don't have an FTPS server to test, will create a test environment the next days if necessary. Changing things on the client side is no option, it just has to work. Just wondering if someone knows more about the status of the FTPS problem without me having to test all scenarios ;-)
-
FTPS works fine and always has. It's not like FTP where a helper is needed for certain types of operations, that data in FTPS is encrypted and can't be touched by the firewall. That may necessitate other configuration like specifying the passive port range on the server and opening those ports.
-
hmm, I am quite sure I couldn't get FTPS workign through pfSense and that there are also some topics on this. Is it possible that you are mixing SFTP (FTP over SSH) and FTPS?
-
hmm, I am quite sure I couldn't get FTPS workign through pfSense and that there are also some topics on this. Is it possible that you are mixing SFTP (FTP over SSH) and FTPS?
SFTP is not FTP over SSH. See:
http://en.wikipedia.org/wiki/File_Transfer_Protocol#FTP_over_SSH_.28not_SFTP.29
-
thanks gderf, good to know. anyway, at least wikipedia confirms what I knew about FTPS, it's FTP over SSL/TLS. And that made problems with pfSense in the past. Just wondering what the current status is.
-
And that made problems with pfSense in the past. Just wondering what the current status is.
Did you read what cmb posted above? ::)
-
hmm, yeah, sorry. jost googled and found e.g. this http://forum.pfsense.org/index.php?topic=3017.0
Alraedy quite old, but I experienced problems myself in the past. Guess I just have to a test setup to be sure it works now. -
FTPS needs what I mentioned above with all firewalls to accommodate FTP's stupidity when that stupidity is encrypted and hence the firewall can't do anything with it or even see it.
