I have an FTP server running behind my UTM 9.605. It's set up for passive mode connection and to use TLS on a non-standard FTP port (2121).
Right now I have it configured to use a specific range of ports for PASV connections: 51000-51050.
I have DNAT rules for external traffic on ports 2121 and 51000-51050 through to the FTP server IP and packet filters to allow that traffic through.
Everything works as intended.
But I have to leave those PASV mode ports open all the time.
What is the purpose of the FTP connection tracking helper? Is it to handle the dynamic PASV mode ports for an internal FTP server or to manage the return connection port 22 on ACTV mode FTP for internal clients? Would it still work using TLS?
Because I'm using a non-standard port for the FTP connection, is the helper bypassed?
I'd appreciate some insight. Thanks.
It's been a loooong time since I configured a UTM. Back in the Astaro days.