Configuring Secure FTP with Pfsense

Creating a secure FTP over SSL server using FileZilla with pfSense

1- First, create the groups/users you need.

Next, click Settings, go to Passive Mode settings, and configure it as below. The public IP you enter must be that of the firewall that NATs the connection.

Make sure that the FTP server's public IP reflects the IP of the firewall on which you're configuring the FTP connection.


2- Now it's time to configure the SSL/TLS settings

You first need to generate a certificate so that the connection is secured and the data is encrypted. You can do that from the FileZilla Server app itself; as you can see in the snapshot, there's an option for it.

Just click Generate new certificate and fill in the information. You can randomize it if you want: just type in anything, click OK when finished, and select the option according to the snapshot.

3- Firewall configuration:

In my case I'm using an open source software firewall, which to be honest doesn't differ much from a hardware firewall since they are all web based.

I'll configure two NAT rules. The first enables the standard secure FTP port, which is 990 in my case, to avoid attackers who usually target port 21. The second enables the FTP data port range used for data exchange between server and client. This range needs to be large so that the connection isn't slowed down and the client can open more than one socket when transferring large amounts of data.

The first rule allows incoming connections from any source to the internal LAN IP that hosts the FTP server, on port 990, to establish the secure FTP connection.

The second rule allows incoming connections from any source to the FTP server on the LAN on the data port range 50000 to 51000.

In the destination IP, set the WAN IP address that you specified earlier in the FTP server's Passive Mode settings.
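The Passive Mode settings and the two NAT rules only work together if the server's passive reply advertises the firewall's WAN IP and a data port inside the forwarded 50000 to 51000 range. The check below is an added example, not part of the original post; the function name and the sample replies (with the documentation address 203.0.113.10 standing in for the WAN IP) are constructed for illustration.

```python
import ipaddress
import re

# From the walkthrough: data ports forwarded by the second NAT rule.
PASV_PORTS = range(50000, 51001)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_passive_reply(reply, wan_ip, ports=PASV_PORTS):
    """Return a list of problems in a 227 (PASV) or 229 (EPSV) reply."""
    problems = []
    m227 = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    m229 = re.match(r"229 .*\(\|\|\|(\d+)\|\)", reply)
    if m227:
        nums = [int(n) for n in m227.groups()]
        if any(n > 255 for n in nums):
            return ["malformed 227 reply"]
        addr = ipaddress.ip_address(".".join(map(str, nums[:4])))
        port = nums[4] * 256 + nums[5]
        if any(addr in net for net in RFC1918):
            # Server announces its LAN address; outside clients cannot reach it.
            problems.append(f"server advertises private address {addr}")
        elif addr != ipaddress.ip_address(wan_ip):
            problems.append(f"advertised {addr} is not the WAN IP {wan_ip}")
    elif m229:
        port = int(m229.group(1))  # EPSV carries only the port
    else:
        return ["not a passive-mode reply"]
    if port not in ports:
        problems.append(f"data port {port} is outside the forwarded range "
                        f"{ports.start}-{ports.stop - 1}")
    return problems

# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # port 50000, correct
    "227 Entering Passive Mode (192,168,1,20,195,80)",  # LAN IP advertised
    "227 Entering Passive Mode (203,0,113,10,234,96)",  # port 60000, not forwarded
    "229 Entering Extended Passive Mode (|||50500|)",   # EPSV, port in range
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_passive_reply(line, "203.0.113.10") or "OK")
```

The reply line to check can be copied from the FTP client's message log after a directory listing.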

When you set up your client, make sure you set the transfer mode to passive. Here's the result:


For a file sharing server over HTTP, you can use the HFS application:

http://www.rejetto.com/hfs/

moh10ly
