It works fine if you set everything up properly, but since many clients will use passive mode by default to get through NAT, you will need to forward a port range for passive mode use and configure your FTP server to use that port range.

Unfortunately, as far as I know there's no (easy, anyway...) way to have the firewall/NAT rules triggered automagically when a PASV request is made, so those ports will always be open to the internal machine, which might cause you other certification issues. I seem to recall that when I was using Linux iptables to do NAT there was an ftp connection tracking module that could do this automatically, but as far as I can tell FreeBSD (or at least pfSense) doesn't have this capability.

Keenan

Quoting Vick Khera <vi...@khera.org>:

On Thu, Oct 1, 2009 at 1:41 PM, Evgeny Yurchenko <evg.yu...@rogers.com> wrote:
I do not believe pftpx has this setting. I would disable ftp-helper on WAN
and use NAT port-forwarding to your FreeBSD ftp-server (I use pfSense in
this way).

How portable is this to various ftp clients?  I've done this in the
past but it failed with some ftp clients, as I recall.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
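
The passive-mode setup discussed in this thread can be checked from the server's own `227` replies. The following is an added example, not part of the list messages: the forwarded range 50000-50100 and the WAN address 203.0.113.10 are assumed values, and the sample replies are constructed.

```python
import re

# Assumed values for illustration: the port range forwarded on the firewall
# and the WAN address that outside clients connect to.
FORWARDED_PORTS = range(50000, 50101)  # 50000-50100 inclusive
PUBLIC_IP = "203.0.113.10"

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (host, port) from a 227 passive-mode reply, or raise ValueError."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port is sent as two bytes, high then low
    return host, port

def check_pasv(reply, forwarded=FORWARDED_PORTS, public_ip=PUBLIC_IP):
    """List the reasons a client outside the NAT could not use this reply."""
    host, port = parse_pasv(reply)
    problems = []
    if port not in forwarded:
        problems.append("port %d is outside forwarded range %d-%d"
                        % (port, forwarded[0], forwarded[-1]))
    if host != public_ip:
        problems.append("server advertises %s, clients need %s" % (host, public_ip))
    return problems

# Constructed sample replies, as an FTP server might send after PASV.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,100)",  # port 50020, usable
    "227 Entering Passive Mode (192,168,1,20,195,100)",  # internal address leaked
    "227 Entering Passive Mode (203,0,113,10,4,1)",      # port 1025, not forwarded
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line) or "ok")
```

Without an FTP helper on the firewall, both checks have to pass for every reply the server can produce, because nothing rewrites the address or opens the port on demand.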