Monday, November 1, 2010

Client outbound FTP is not working, PFSense firewall installed on site

Symptom: FTP Client does not work.

Applies to: Networks guarded by a PFSense firewall.

Explanation:
PFSense does not let native FTP traffic pass straight out. Instead, it proxies all FTP connections through a built-in FTP proxy application.
The firewall logs will not even show dropped packets!

Solution:
To configure this, do the following for each LAN interface on which you want FTP clients to operate.
Interface:
1. Uncheck the "disable userland FTP proxy application" option.
Corresponding interface firewall ruleset:
1. Allow src=any proto=tcp spt=any dst=127.0.0.1 dpt=Range(8000-8030).
The FTP proxy operates on ports 8000 to 8030 and listens on the loopback address for that interface.
Operate FTP clients and applications as normal.
