comet424 Posted December 4, 2023 Share Posted December 4, 2023 so i trying to setup a ftp server on my unraid box at home for my son to log into the server with filezilla to go through Pfsense router... now i read through google.. that unraid is unsecure and you need a vpn and such but i just wanting to open 1 port on pfsense and it just forwards to the ftp server so it shouldnt have an issue right? so i did install sftpgo but there is issue when i try logging in i get error ``` Response: 227 Entering Passive Mode (10,0,0,10,195,122) Command: MLSD Response: 425 accept tcp [::]:50042: i/o timeout Error: Failed to retrieve directory listing Status: Connection closed by server ``` yet using the web client works to log in... but i want to make it work with filezilla so he can transfer his videos he uploads to youtube.. and what not... not sure how to make sftpgo to work.. and if not what other ones work? Quote Link to comment
MAM59 Posted December 5, 2023 Share Posted December 5, 2023 (edited) Dont know about sftpgo, I use "crushftp" on UNRAID (as a Docker) It comes with a webinterface, you can allow different ports (arbitary port for web, 20/21 for normal ftp, 990 for sftp over ssh and as you wish, many more), create users (independend to UNRAID), assign them allowed folders with seperate permissions each (eg: readonly for Movies, readwrite for a homeshare to upload the videos and so on). The tricky thing is to get it to work on the internet. For normal FTP operations it is best to forward ports 20/21, 990 and also allow the "passive reverse" range (configurable) directly in your router. For the web ports (defaults to 8080 and 8081) it worked best for me to put it behind a NGINX reverse proxy with SSL certificate from LetsEncrypt (different story, you can find info about this in this forum) For direct FTP you can create local certificates with a long runtime (can be done directly inside CrushFTP). It does not matter that these are "selfsigned", in FileZilla you have to allow each certificate once, if "legal" or not. for your current setup I would say you have forgotten to allow the passive ports (educated guess for your setup: 50000-60000) in your firewall. So the client gets contact to the command channel, but the server cannot talk back on a random data channel). Passive FTP works this way 1* client connects on the command channel (normally 20) 2* client asks for PASSiv mode 3* server replys with a random (or mostily sequential) port of the defined passive range and opens an incoming socket on this port 4* client opens a new connection to this port 5* communication continues normally. You currently fail at stage 4 because the newly opened port does not make it through your router and firewall Whatever FTP server you use, setup is not easy because it is a very old protocol and violates today's net security. Because it uses different ports for commands and data transfer and even reverses the direction of "who contacts whom?", firewalls and routers need to support it in a special way. Also, the use of passive mode is much more complicated to get it to work on the server side. Edited December 5, 2023 by MAM59 Quote Link to comment
MrGrey Posted December 5, 2023 Share Posted December 5, 2023 7 hours ago, comet424 said: so i trying to setup a ftp server Why?... 7 hours ago, comet424 said: to go through Pfsense router... Why?... 7 hours ago, comet424 said: that unraid is unsecure and you need a vpn OK... I'll bight, and you're using pfSense for what? 7 hours ago, comet424 said: i just wanting to open 1 port on pfsense That's what I do... Oh shit, I've given myself up, haven't I? 7 hours ago, comet424 said: not sure how to make sftpgo Are you sure you want to? MrGrey. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.