J. Echter wrote on Thu, Feb 11 2016 at 1:25 pm:

> But, I can't use it as I get errors like 'no data', error 227 'entering
> passive mode' and so on.

        So the FTP client is in your location and the FTP server is somewhere 
on the Internet?  We've not had any issues with that under pfSense 2.x, and 
specifically 2.2.x for Kevin.  I looked at the link he posted and I'm guessing 
you are hitting this:

"Passive mode on the client will require access to random/high ports outbound, 
which could run afoul of a strict outbound ruleset. Environments with a 
security policy that requires strict outbound firewall rules likely would not 
be using FTP anyhow, as it transmits credentials without encryption."

In other words if you are allowing port 21 outbound but blocking outbound ports 
over 1000, that would allow the initial connection and then fail on the data 
connection(s).  The FTP server would tell the client what port to use for the 
data connection but then the client is blocked by the firewall.  Try (in 
Status: System logs: Settings) setting your firewall log to "Log packets 
matched from the default block rules put in the ruleset" and see if that shows 
the block in your firewall log.  And just to over-clarify, it is the FTP server 
that tells the client what port to use, so you can't control that unless you 
control the FTP server.


--

Steve Yates
ITS, Inc.
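
Added example (not part of the message above and not pfSense code): a Python check that decodes the data port from a 227 reply and tests it against an outbound port policy, which is the failure mode the message describes. The reply text, the 192.0.2.10 address and both policies are constructed for illustration; the high-port range is an assumption, since the server chooses the port.

```python
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227[ -].*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (ip, port) the server told the client to connect to."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    # The data port is sent as two bytes, high byte first.
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def outbound_allowed(port, allowed):
    """allowed: list of (low, high) inclusive TCP destination port ranges."""
    return any(lo <= port <= hi for lo, hi in allowed)

def diagnose(reply, allowed):
    """Return (ip, port, verdict) for the data connection the client must open."""
    ip, port = parse_pasv(reply)
    verdict = "pass" if outbound_allowed(port, allowed) else "BLOCK"
    return ip, port, verdict

# Constructed policy for the scenario in the message: port 21 is reachable,
# outbound destination ports over 1000 are not.
STRICT_OUT = [(1, 1000)]
# Same policy plus an assumed high-port range for passive data connections.
WITH_PASSIVE = STRICT_OUT + [(49152, 65535)]

# Constructed server reply; 195 * 256 + 80 = 50000.
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"

if __name__ == "__main__":
    for name, policy in (("strict", STRICT_OUT), ("with passive", WITH_PASSIVE)):
        ip, port, verdict = diagnose(SAMPLE_REPLY, policy)
        print("%-12s data connection to %s:%d -> %s" % (name, ip, port, verdict))
```

With the default-block logging described above turned on, the blocked case would appear in the firewall log with the computed port as the destination port.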



_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
