Hello list,

I seem to be having some problems with opening ports the correct way
on my pfsense firewall.
I have a client that is behind a pfsense firewall that needs to use
ftp to download from a provider (insurance company).

Their tech docs tell me to open ports 20,21,80,443,7950-8079 for all
of their ip addresses for the communication to work properly.
They gave me a list of ip addresses, and I have created rules for each
ip address to port forward the ports to the machine doing the
downloading.

Let me take a step back...

The default configuration for pfsense is to let all lan traffic pass
to the WAN unrestricted. Any computer on the lan can access any
computer on the internet on any port, correct? There is a rule under
the LAN that has that in it at least. Which is why it's confusing me
why this client can't use the download client for the provider, and
all it does is open an FTP connection and download new policies to
their system.

They sent me a list of ip addresses of their servers, telling me that
the machine downloading the policies needs to be able to connect
on the ports above to their servers. And if the lan going out is
unrestricted, then I don't understand why it isn't working.

First I made rules stating that their ip address -> on the ports
specified -> goes to the ip address of the local machine doing the
download.
That didn't work.
So then I changed the rules to allow their ip address to ANY port on
the local ip address doing the downloading and that didn't work either.
I also added LAN rules to allow the local machine to connect to their
ip address on the specified ports. That didn't work either.

The pfsense firewall replaced their SBS2003 machine as the firewall
and it was working with that. There were no ports open on the SBS
server to allow the access (which tells me how bad the SBS firewall
actually was), but it's creating a big problem for my client not being
able to download new policies into their system.

Is there something special I'm supposed to be doing to open ports for
this kind of communication? It shouldn't be this complicated, all I
need to do is make sure one machine on their local network can ftp
into their machines using passive ftp to download information.
What am I doing wrong?

Also, does pfsense do ALG? I have another client that is doing VoIP
and is getting one way audio, which from what other people have told
me and I've read on the internet is a firewall issue. It's like an
issue of the pbx making a call, going out on one port and when it gets
the packets back on another port it messes with the header of the
packet and it doesn't know how to get back to the originating machine.
I have all the necessary ports for sip and voip open pointing to the
pbx on the network.
It all seems complicated and I'm having a heck of a time with getting
pfsense to do the job I need done.

I've read other posts of people having problems with FTP and pfsense, but
never found a real solution for the problem.

Any help on this subject would be greatly appreciated.

Thanks for any and all help.
