Does anyone can help me to get working active ftp trough firewall?
Thank you all.
active ftp is not possible without an active aplication layer gateway which was removed to security reasons.
Can i add alg?
We have removed it with good reason. This alg’s break the whole NAT firewall. An attacker can open ports to every IP in your network so it is a really bad idea.
Normally ftp needs replaced at all because unsecure plaintext passwords, but if there is no way arround use passive mode instead. There is no alg needed and no second open ports.
1 Like
I know that but, i have a big problem with one of app, it uses active ftp and there is no other way. So i need active ftp trough my ipfire.
Depending on where your client is, the problem is probably the firewall that is protecting that client (I assume IPFire protects the server).
You should use passive FTP, since anything else is just going to make your life difficult.
@arne_f: The ALG was for passive FTP only
Client is behind ipfire (my network) and server only supports active ftp.
So I can only make things to hapen!
You will have forward the ports your client is using for FTP to that computer then. It’s a simple port forwarding, but it is a security issue.
I tried different settings for port forwarding but no one works, port 21 works without any problems but 20 not. I cant list directory on server. Server belongs to one of ministry so i can put his ip in forwarding rules and makes things secure.