pfSense ProFTPd and the FTP Helper

January 7th, 2009

I'm not a big fan of the FTP helper, but in some cases it works. One problem I have with it is that proftpd ends up only having connections from the gateway ip address, so it does not log the source ip address.

To do away with the ftp helper and support passive ftp transfers, I found this pfSense FTP Trouble Shooting page helpful. In a nutshell, I did the following things:

  • Disabled the FTP userland helper for all interfaces.
  • Specified the masqueraded ip address and a limited port range in /etc/proftpd/proftpd.conf
  • Port forwarded port 21 and the port range in pfSense to the proftpd server

It works! I'm planning to install fail2ban now that I have ip addresses I can ban! :-)


Yearly Indexes: 2003 2004 2006 2007 2008 2009 2010 2011 2012 2013 2015 2019 2020 2022