
Topic: FTP & Ftp Helper - with internal server and internal to external client.


Superman

Hey Everyone,

I've read through all the posts I could find about FTP and more specifically the new FTP helper. I couldn't find exactly the answer I was looking for.

I understand that presently the documentation is scanty as the primary focus is on development, etc., so I was just wondering how to configure the following.

I have pfSense running on an older computer with 2 interfaces, 1 WAN, 1 LAN, nothing unusual.

On my internal network I have several computers, mostly workstations, but 1 is a *nix server with a private FTP server for some of my friends.

I have added the necessary NAT/Firewall rules, and previously this seemed to work. However, then I had problems with internal FTP clients connecting to external servers. With the new per-interface FTP Helper I messed with various settings - both enabled, only WAN or only LAN enabled, both disabled - it only seemed to work with both disabled in PASSIVE mode only. ACTIVE mode would just fail. Recently, with pfSense version 0.96.2, I decided to try messing with it again. Now if I enable the helper on both interfaces I can connect to external clients in ACTIVE mode!! Now that's great, but now, however, it seems nobody can connect to my internal server.

It seems I have two helpers running:

Code:
# ps aux | grep pftpx
proxy     711  0.0  0.8  1276   936  ??  Ss    5:53PM   0:00.06 /usr/local/sbin/pftpx -c 8021 -g 8021 <pfSense-ip>
proxy     843  0.0  0.8  1276   916  ??  SNs   5:53PM   0:00.02 /usr/local/sbin/pftpx -f <ftp-server-ip> -b <wan-ip> -c 21 -g 21

Perhaps this is causing the problem?

Anyway, I would like to be able to use internal clients in ACTIVE mode, and to allow connections to my internal server. Is this possible, and if so, what settings do I need to use?

Thanks for your help!!!  ;D