Netgate Discussion Forum

FTP FreeNas and Pfsense help

  • K
    khairy.boub
    last edited by Sep 10, 2015, 1:14 PM

    I am trying to set up my FreeNAS's FTP to be accessible from outside my network. I can't access my FTP.

    Firewall: NAT: Port Forward

    In FreeNAS:

    Masquerade address - WAN interface
    Minimum passive port - Set this to an available high port (larger than 1023) which is not being used for any port forwards, for example 50000
    Maximum passive port - Set this to an available high port which is 500 higher than the minimum passive port, for example 60000

    Set up port forwards for TCP ports 20 and the 10000-10500 range from your WAN interface to the IP address of your FreeNAS device

    Firewall: NAT: Port Forward

    The FTP client you are using is configured to connect in passive (PASV) mode, and nothing works.

    The FTP client shows this message:

    **Transfer channel can't be opened**

    A reason is likely a firewall or NAT blocking a data connection.

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Sep 10, 2015, 3:15 PM Sep 10, 2015, 2:30 PM

      Why would you have that rule on your LAN for port forward?  Why would you have UDP?  Why do you not have a dest address? That should be your WAN address, not *

      Where did you get the idea that you would have to forward 20??  20 would never have to be forwarded to your box no matter if active or passive client or server.  20 is used as source port in an active connection from the server.

      If you have your ftp server using 50k to 60k for ports which is HUGE range.. How many active ftp connections do you plan on having?  And then why are you forwarding them to 20 to 10020 if your ftp server is using 50000 to 60000.. How would that ever work?

      If your server is using 50k to 60k for passive then forward 50k to 60k to your ftp server.  Because your server will tell the client hey connect to me on port X in that range.  Again that is a HUGE freaking range.. why not use something more realistic like 50k to 51k that would allow for 1k concurrent connections.

      A better option is why not just use sftp, which is SECURE!!!  And easier to forward since its just 1 port 22 not control and data ports and different setups if client is active or passive, etc.

      If you're going to use ftp through a firewall you really should fully understand how the protocol works – here is a great write up
      http://slacksite.com/other/ftp.html

      If you're going to use a different port.. You need to make sure clients understand that they have to use that port not 21

      edit:  Here you go set this up in a min or so

      So setup my ftp server to use 5k to 5100, forwarded 21 and 5k to 5100 to my ftp server on 192.168.9.8

      Then from the outside made a connection to my public IP, went into passive mode as you can see server told it to connect to its public ip on port (19*256)+217 which = 5081 which is in the range of the passive I setup.

      [Image: passivebehindpf.png]

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • K
        khairy.boub
        last edited by Sep 10, 2015, 3:29 PM

        thinks for your help
        but please, how do I create this: NAT port range

        The following input errors were detected:

        A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535.

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Sep 10, 2015, 3:33 PM

          huh?  You setup those ports to be used on your ftp server.. Then just create the forward.. When you do a range you put in the first port of the range only in the redirect.. here is pic

          [Image: forwardrange.png]

          • K
            khairy.boub
            last edited by Sep 11, 2015, 1:08 PM Sep 11, 2015, 7:48 AM

            thanks thanks thanks :) :) :) it is solved

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Sep 11, 2015, 12:41 PM

              thinks?  you mean thanks? ;)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.