Active FTP from opt to LAN network
-
I'm trying to ftp from a host on one of my OPT interfaces to a host on the LAN interface. Using active mode I can't get a data connection. My logs show blocks from the source host on OPT to port 20 on my FTP server with a protocol listed of TCP:SA. Rules allow full access between hosts. The block reason is
The rule that triggered this action is:
@1 scrub in on em0 all fragment reassemble
@1 block drop in log all label "Default deny rule"
I've tried disabling the ftp proxy under system tunables, but it didn't make a difference. Not sure if it really has any impact between interfaces? I also tried setting my optimization setting down to conservative.
Running the 2.0 release build from September 2011.
thanks
-
If you are not using ftp proxy, you need a rule to allow traffic from ftp server source port 20 to client ip any port.
-
If you are not using ftp proxy, you need a rule to allow traffic from ftp server source port 20 to client ip any port.
I have a rule allowing unrestricted access from the server to the client to and from any port.
TCP <server ip> * <opt subnet> * * none allow fs1 to imaging