[SOLVED] Ftp Passive mode and firewall

virmix · Jan 23, 2022

If I enable firewall with that rules the ftp connect, but not in pasive mode

https://pve.proxmox.com/wiki/Firewall#_tips_and_tricks

I run
modprobe ip_conntrack_ftp
and not work

oguz · Jan 24, 2022

hi,

virmix said:
If I enable firewall with that rules the ftp connect, but not in pasive mode

passive FTP mode opens a random port on the server side for the data connection [0] so you'll have to allow a range of ports i guess

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)

FTP server's port 21 to ports > 1023 (Server responds to client's control port)

FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)

FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)

[0]: https://slacksite.com/other/ftp.html

virmix · Jan 24, 2022

Now wrok

Search

Search

[SOLVED] Ftp Passive mode and firewall

virmix

Member

oguz

Proxmox Retired Staff

virmix

Member

We value your privacy