# FTP Client on server with firewall



## Slade (Aug 18, 2010)

This falls under dumb question, I guess, but am I right in assuming that if I want to use an FTP client (fetch for ports) on the actual machine that FreeBSD & PF reside on, I have to actually open up ports and I can't use ftp-proxy or something like it? Because using ftp-proxy on the server itself would seem to create an infinite loop of redirecting outgoing port 21 traffic (which clicked after I had started trying to get it working, since I didn't have any experience with this before).

I was just wondering if there was an elegant solution to this, as most documentation seems to be geared towards a firewall with 2 NICs in front of other machines. I'm trying to configure a firewall on a single FreeBSD server and allow FTP so I can use the ports collection. This seems to be something that isn't covered very well. At least not in the handbook or The Book of PF (which is geared towards firewall-dedicated machines protecting a network).

I've read about the difference between passive and active FTP, but it still seems like I would need to open a large number of outgoing ports with passive FTP. So I'm just looking for some clarification on this subject.


----------



## SirDice (Aug 19, 2010)

Fetching something using FTP only requires the ability to connect to the outside world. You will, however, need to run the FTP client in 'passive' mode or it won't work.

Setting up a server can be somewhat tricky. Your clients are probably behind a firewall so they must use passive mode. If your server is firewalled this can cause problems. That's where ftp-proxy comes in.


----------
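A pf.conf sketch of the client-only case described in the reply above, as an added example that is not part of the original thread. The interface name `em0`, the DNS rule and the choice of `> 1023` for the data-channel port range are assumptions.

```conf
# /etc/pf.conf for a single FreeBSD host that only acts as an FTP *client*
# (constructed example; em0 is an assumed interface name)
ext_if = "em0"

set skip on lo0

# Default deny in both directions. Passive FTP needs no inbound rule:
# both the control and the data connection are opened by this host.
block all

# Name resolution for the FTP server (assumed to use an external resolver)
pass out on $ext_if proto { tcp, udp } from ($ext_if) to any port 53 keep state

# FTP control channel
pass out on $ext_if proto tcp from ($ext_if) to any port 21 keep state

# Passive-mode data channel: a second outbound connection to a high
# port picked by the remote server. State tracking lets the replies
# back in; nothing is opened towards this machine.
pass out on $ext_if proto tcp from ($ext_if) to any port > 1023 keep state

# No rdr to ftp-proxy here: the proxy rewrites traffic passing
# *through* a gateway, which is not what a host-local client needs.
```

The wide destination-port range applies only to connections this host initiates. fetch(3) documents the `FTP_PASSIVE_MODE` environment variable for forcing passive mode in fetch-based tools.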

