FTPProxy and SFTP



  • Hi guys!
    Unable to set up a connection to the FTP server via sftp.
    I use the ftpproxy package and pfSense 2.2.5.
    When connecting over FTP there is no problem.
    If ftpproxy is disabled and the parameters are set explicitly on the client, it connects normally.
    I found a recommendation in the documentation to open additional ports for ftpproxy (20, 21, 989, 990).
    I did this according to this article:
    https://doc.pfsense.org/index.php/FTP_Troubleshooting

    I need your advice and assistance.


  • Banned

    SFTP is not using FTP protocol at all. If you actually mean FTP with SSL/TLS, then the proxy is useless for that, exactly like the previous FTP helpers. Nothing changed for you at all. You already have the docs link, not sure what other advice you need.



  • @doktornotor:

    SFTP is not using FTP protocol at all. If you actually mean FTP with SSL/TLS, then the proxy is useless for that, exactly like the previous FTP helpers. Nothing changed for you at all. You already have the docs link, not sure what other advice you need.

    Thanks for the answer.
    The fact is that to solve the problem using this link.
    I need to connect and use FTP and FTP with SSL/TLS via FTPProxy.
    Now it works only by turning off FTPProxy and manual setting on the client.


  • LAYER 8 Global Moderator

    The current proxy, the old helper/proxy could do NOTHING with ftps..  The helper/proxy looks in the control channels and fixes the IP to be public, and opens ports if needed in the firewall for data channel.  When your control channel is encrypted… It is not possible for helper to see anything in the control channel to either change the IP to the public one vs private or know what ports to open via seeing the port command..

    Why don't you just connect in passive mode.. You don't need anything special to connect in passive mode.. Since in passive mode the server tells you what port to connect to.. So unless you have restrictive outbound firewall rules that limit ports.. You can connect to any ftp ftps server using ssl/tls or not since there is no aspect of the data channel where the server is connecting to you..  It's all you connecting to the ftp server IP and ports.



  • @johnpoz:

    The current proxy, the old helper/proxy could do NOTHING with ftps..  The helper/proxy looks in the control channels and fixes the IP to be public, and opens ports if needed in the firewall for data channel.  When your control channel is encrypted… It is not possible for helper to see anything in the control channel to either change the IP to the public one vs private or know what ports to open via seeing the port command..

    Why don't you just connect in passive mode.. You don't need anything special to connect in passive mode.. Since in passive mode the server tells you what port to connect to.. So unless you have restrictive outbound firewall rules that limit ports.. You can connect to any ftp ftps server using ssl/tls or not since there is no aspect of the data channel where the server is connecting to you..  It's all you connecting to the ftp server IP and ports.

    Thanks for the answer. Perhaps indeed a problem in the client. I'll check.

