Netgate Discussion Forum

    Static routing - FTP download hangs

      ilab

      Hi!

      We are experiencing some strange behaviour in our LAN concerning static routes. We switched to a pfSense box as our main router/firewall in our office. We have a static route to a gateway, which connects our LAN (let's call it LAN1) to another LAN (let's call it LAN2). LAN1 has the IP 192.168.1.0/24 and the pfSense box is used as the default gateway to connect to WAN. LAN2 has the IP 10.10.30.0/24. The gateway in between has the IP 192.168.1.200 on LAN1 (the other gateway is not operated by us, and it worked for years without problems).

      Looks like this:

      WAN --- pfSense --- LAN1 --- other gateway --- LAN2

      What we did:
      We added a gateway ("System > Routing > Gateways" tab) on the LAN interface (which is connected to LAN1) and a static route to 10.10.30.0/24 using this gateway.
      And we checked the "Bypass firewall rules for traffic on the same interface" box on the "Advanced/Firewall/NAT" tab.

      The problem: when an FTP connection to a host in LAN2 is established, everything works fine, directory listing gets transferred, file download works as expected. But the file upload hangs after a few kB of data, thus leading to an error (426: failure reading network stream - broken pipe).

      FTP and even FTPS connections from LAN1 to WAN work fine in both directions.

      We are using pfSense 2.2.4 full installation.

      Any ideas?

        heper

        what's the reason you configured a gateway for a known network?
        gateways tend to be used when dealing with unknown networks…

        no clue why your ftp fails, could be many things: policy routing going wrong, unwanted NAT getting messy, ...

        more info required (screenshots of config + packet capture) & test without the gateway please

          ilab

          Hi heper,

          thanks for your reply. The reason we have a gateway is that the network LAN2 is operated by another company (we are their customers and use their servers); the gateway does the firewalling.
          In the meantime we did some testing and found out that active FTP actually works fine - just passive FTP hangs. We decided that we can live with this behaviour - although even passive FTP should work.
          (If we disable the firewall (System > Advanced > Firewall/NAT "disable all packet filtering"), even passive FTP works as expected.)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.