Outgoing FTP (Active mode) with dual-WAN problem
-
Hi Everyone,
First I'd like to thank everyone that is active on this forum, it has been such a great source of information to help me configure the firewall.
Now, I have an outgoing FTP problem.
I know what you are all going to say: "it's been posted a million times on the forum". I know and I probably read 99.9% of them, but I still have an issue, so please bear with me.
My configuration:
I'm using the dual-WAN connection with 3 Ethernet connections (LAN, WAN and WAN2). Pretty standard really.
I created a "fail-over" connection between the 2 WAN links and it all works like a charm.
I'm running version 1.2.
The only issue is creating an outgoing FTP connection in ACTIVE mode (passive works).
(I need active mode because one of my suppliers only accepts that type of connection.)
I've tried everything I can think of (and read on every post found on this forum), such as:
- Enable FTP help on LAN and/or WAN connection(s)
- Disable FTP help on LAN and/or WAN connection(s) - every possible combination
- Create a LAN rule in the firewall configuration that allows packets from the LAN to 127.0.0.1 on ports 8000 to 8030 (for the FTP helper)
- Create a LAN rule in the firewall configuration that allows packets from the LAN to 127.0.0.1 on all TCP ports
- Allow ALL incoming TCP traffic on both WANs, as well as on the LAN
- Create a specific LAN rule that directs all FTP connections (including TCP port 20 and of course 21) to a specific gateway (i.e. the first WAN card)
- I have followed the instructions in the "FTP Troubleshooting" document
- …
I have been stuck on this problem all weekend (and read on the forum all weekend) and it's driving me crazy.
Heeeeelp! ;D
Thanks a million,
Stephane
-
Hi,
I had pretty much the same problem you described so I'll give you a description of my setup. Hopefully this will work for you too.
You'll have to enable the FTP-Proxy userland application for your WAN and LAN interface. Then create a firewall rule on your LAN interface allowing from any (proto, source ip, source port) to 127.0.0.1 with the "default" gateway (the one named default ;). Make this rule the very first in your list (this is important!). Then add a NAT rule for your WAN interface TCP port 21, external address being the "interface address", internal your FTP Server. Let the script create the firewall rule for you, apply and go to the firewall rules. Copy the automatic NAT FTP Server rule just created and in this copy change the destination address to "WAN Address". You should have two rules for Port 21, one in, one out.
This works for my FTP active and passive - in and out.
I hope it'll help you too.
Greetz
-
This worked for me.
Thank you!
-
Hi all,
This setup as described by Jeddaka works for me too. I do not have an FTP server in the network, so I only used the FTP helper settings and the rule on the LAN interface.
Now all download links referring to FTP pages and also my FTP client are working fine.
Thanks.