No problem ;-) Thats the answer i expected...
So there is really no way to accomplish this with some kind of FTP-helper used in pfSense to open up just a few ports... ? I really need the whole portrange for FTP to be opened as defined in the FTP-server ? Thanks so far for your help ;-) Regards, martin -----Ursprüngliche Nachricht----- Von: Michael Schuh [mailto:[email protected]] Gesendet: Dienstag, 20. Januar 2009 00:27 An: [email protected] Betreff: Re: [pfSense Support] FTP Server in Routed DMZ Hi, in my possible solution NO, because you use the ftp-server w/o Proxy. Communication goes directly to your ftp-server. Please checkout also the portranges from your ftp-server if it is not an OpenFTPD (used by FreeBSD/OpenBSD). It can differ from the ports that i have described. (sorry i have forgotten to say, that my tips are related to this ftpd). The proxy is needed for the users in your holy internal LAN. 2009/1/20 Fuchs, Martin <[email protected]>: > Should the FTP-helper service be activated or deactivated on the > WAN-Interface ? > > -----Ursprüngliche Nachricht----- > Von: Michael Schuh [mailto:[email protected]] > Gesendet: Dienstag, 20. Januar 2009 00:14 > An: [email protected] > Betreff: Re: [pfSense Support] FTP Server in Routed DMZ > > Hi, > > solution: > Open the Ports described in man 4 ip IP_PORTRANGE_HIGH > referenced by man ftp-proxy or lookup in sysctl net.inet.ip.portrange > like: > net.inet.ip.portrange.hilast: 65535 > net.inet.ip.portrange.hifirst: 49152 > net.inet.ip.portrange.last: 65535 > net.inet.ip.portrange.first: 49152 > > from WAN to your FTP server and all gets fine. > > regards > > michael. > > > > 2009/1/20 Fuchs, Martin <[email protected]>: >> Hi ! >> >> I have set up a FTP server in my DMZ with an official IP address. >> From WAN -> DMZ the IPs are routed (no NAT). >> I opened up port 21 from WAN -> DMZ for FTP but of course I cannot transfer >> any files. >> It seems to require some more ports, so I thought the FTP-helper on the >> WAN-side could be helpful, but this also does not work... >> >> Does anyone have any idea how to set this up without opening this ton of >> ports FTP requires ? >> >> I know FTP is not the preferred way, but we need this :-( >> >> I'd be thankful for every hint... >> >> Active FTP is not really an option because most FTP-clients live behind NAT >> devices so there's the problem of the data-connection again... >> >> Regards, >> >> Martin >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> Commercial support available - https://portal.pfsense.org >> >> > > > > -- > === m i c h a e l - s c h u h . n e t === > Michael Schuh > Postfach 10 21 52 > 66021 Saarbrücken > phone: 0681/8319664 > mobil: 0177/9738644 > @: m i c h a e l . s c h u h @ g m a i l . c o m > > === Ust-ID: DE251072318 === > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > -- === m i c h a e l - s c h u h . n e t === Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0177/9738644 @: m i c h a e l . s c h u h @ g m a i l . c o m === Ust-ID: DE251072318 === --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
