OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: mrrodge on February 24, 2020, 06:01:08 pm

Title: DMZ and FTP
Post by: mrrodge on February 24, 2020, 06:01:08 pm
Trying to create a DMZ to put a web server in.  I have OPNsense running on a dedicated server in a Hyper-V VM and have configured 3 interfaces: one LAN, one WAN and one DMZ.  I've set up block rules to stop traffic crossing from the DMZ to the LAN and vice versa, then added a port forward rule to send all ports/protocols to the web server host in the DMZ.

1) Is my approach right?  It seems to work and my DMZ machine can see/be seen from the net.

2) FTP is broken; I get a connection and a login, but it fails to list the directory.  If I put another VM in the DMZ it works so it's definitely OPNsense!  It happens with plain FTP and TLS.

Thanks!
Title: Re: DMZ and FTP
Post by: fabian on February 24, 2020, 06:21:24 pm
FTP requires the FTP proxy plug-in and plaintext. Otherwise OPNsense cannot forward your traffic to the right machine.
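
Added example, not part of the original post and not OPNsense or plug-in code: a minimal Python sketch of why a control-channel helper needs plaintext. In passive mode the server announces its data address and port inside a `227` reply (RFC 959), which a NAT device must read and rewrite; once the control channel is wrapped in TLS the reply is unreadable. The addresses, sample lines and function names are constructed for illustration, and keeping the same port number on the public side is a simplification.

```python
import re
from typing import Optional, Tuple

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    rb"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def parse_pasv(line: bytes) -> Optional[Tuple[str, int]]:
    """Return (ip, port) announced by the server, or None if unreadable."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # Data port is encoded as two bytes: p1 * 256 + p2
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rewrite_pasv(line: bytes, public_ip: str) -> Tuple[bytes, Optional[int]]:
    """What a control-channel-aware helper has to do at the NAT boundary.

    Returns (line to pass on to the client, data port to forward).
    If the line cannot be parsed (for example it is a TLS record), it is
    passed through untouched and no data port is learned, so the
    directory listing connection has nowhere to go.
    """
    parsed = parse_pasv(line)
    if parsed is None:
        return line, None
    _, port = parsed
    p1, p2 = divmod(port, 256)
    new = "227 Entering Passive Mode (%s,%d,%d)\r\n" % (
        public_ip.replace(".", ","), p1, p2)
    return new.encode("ascii"), port

# Constructed samples: a DMZ server on 192.168.2.10 behind public 203.0.113.5
PLAIN = b"227 Entering Passive Mode (192,168,2,10,195,80)\r\n"
# Constructed bytes shaped like a TLS application-data record (opaque payload)
TLS = b"\x17\x03\x03\x00\x10" + bytes(range(16))

if __name__ == "__main__":
    for sample in (PLAIN, TLS):
        out, port = rewrite_pasv(sample, "203.0.113.5")
        print(port, out)
```

Without the rewrite, the client receives the server's private DMZ address and tries to open the data connection to it, which matches the symptom in the first post: login succeeds, directory listing fails.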
Title: Re: DMZ and FTP
Post by: mrrodge on February 25, 2020, 09:40:38 am
OK thanks - much appreciated.  Will post back if further difficulties!
Title: Re: DMZ and FTP
Post by: bartjsmit on February 25, 2020, 10:55:45 am
"FTP is broken"

This is true in so many ways  ;)
Title: Re: DMZ and FTP
Post by: mrrodge on February 25, 2020, 12:51:00 pm
Works great - thanks!