Netgate Discussion Forum
ipsec rules not working

IPsec
5 Posts 2 Posters 653 Views
  • zaber01, Dec 19, 2020, 11:50 AM

    Hello, I have one concern. Actually I created the IPsec VPN between two pfSense boxes and everything is working fine. My one local network, 192.168.2.0/24, is behind firewall A and the other, 192.168.1.0/24, is behind firewall B. They are accessible to each other and working well.
    Now the problem is that I have to give access to FTP only in my IPsec tunnel, so that the PC behind firewall A can only take the FTP of the PC behind firewall B.
    Whenever I am manipulating the rules under the IPsec tab like:

    Protocol - TCP
    Source - 192.168.1.2/24 (PC of firewall A)
    Destination - 192.168.2.2/24 (PC of firewall B)
    D.Port - 21

    then the issue gets created and I am not able to take the FTP connection. I tried every possible variation but the rule only works if I set everything to any.
    Note (this rule is created at firewall B only; where I want to take FTP).
    I only want to allow the FTP service in my IPsec tunnel.
    Anyone can help me please.

    • stephenw10, Netgate Administrator, Dec 19, 2020, 12:01 PM

      What sort of FTP is it?

      You probably need to pass the data port range the server is using as well as port 21.

      Steve

      • zaber01 @stephenw10, Dec 19, 2020, 12:10 PM (edited 12:11 PM)

        @stephenw10 I am using vsftp on an Ubuntu system. And according to my knowledge the data port used by FTP is 20, and for the connection it uses 21.
        So you mean I have to allow only port numbers 20 and 21 for FTP only?

        • zaber01 @zaber01, Dec 19, 2020, 12:23 PM

          @zaber01 I allowed both ports and am able to take FTP, but I am not able to transfer the file to the target machine.

          • stephenw10, Netgate Administrator @zaber01, Dec 19, 2020, 12:43 PM

            Nope, in addition to port 21 you need to pass the passive port range, for example 10000-20000, but that could be anything depending on how you've configured it.
            Also vsftp seems to use FTPS, so it needs port 990 as well for the encryption.

            See: https://www.howtoforge.com/tutorial/ubuntu-vsftpd/

            You should be able to see that traffic blocked in the firewall log though when you try to connect and it fails.

            Steve

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
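Steve's replies above turn on one point: a rule that passes only TCP/21 covers the FTP control channel, while each file transfer runs over a second TCP connection whose port is negotiated inside that control channel, so the firewall on the IPsec tab has to pass the whole passive range too. The script below is an added example, not code from this thread or from Netgate or vsftpd: it reads a constructed vsftpd.conf fragment, lists the TCP ports and directions an FTP-only policy on firewall B's IPsec tab must pass (falling back to vsftpd's documented defaults for keys that are unset), and decodes constructed 227/229 replies to check whether the negotiated data port would land inside the passive range. The config text, the server replies and the pfSense-style port specs are assumptions built for the example.

```python
"""Work out which ports an FTP-only rule on the IPsec interface must pass.

Added example, not code from the forum thread. Assumptions: the server is
vsftpd (defaults as documented in vsftpd.conf(5)), the rule is applied on
firewall B's IPsec tab (traffic arriving from the tunnel), and the sample
config and FTP replies below are constructed for illustration.
"""
import re

# Constructed vsftpd.conf fragment with a bounded passive range, matching
# the 10000-20000 range used as an example in the thread. TLS is left at
# its default (off).
SAMPLE_CONF = """
listen=YES
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=20000
port_enable=YES
"""

# Constructed server replies to PASV and EPSV on the control channel.
PASV_REPLY = "227 Entering Passive Mode (192,168,2,2,39,16)."
EPSV_REPLY = "229 Entering Extended Passive Mode (|||10001|)."

_PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_EPSV_RE = re.compile(r"\(\|\|\|(\d+)\|\)")


def parse_vsftpd_conf(text):
    """Return key=value settings, ignoring comments and blank lines."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def _yes(cfg, key, default):
    return cfg.get(key, default).upper() == "YES"


def required_rules(cfg):
    """Rules the FTP-only policy needs, as (proto, ports, direction, why).

    direction 'in' is client -> server, i.e. what firewall B sees arriving
    from the tunnel; 'out' is server -> client, which the IPsec rules on
    the other firewall (A) would have to pass instead.
    """
    rules = [("tcp", cfg.get("listen_port", "21"), "in", "control channel")]
    if _yes(cfg, "pasv_enable", "YES"):
        lo = int(cfg.get("pasv_min_port", "0"))
        hi = int(cfg.get("pasv_max_port", "0"))
        if lo == 0 or hi == 0:
            # vsftpd default: any ephemeral port, so the rule cannot be tight.
            rules.append(("tcp", "1024-65535", "in", "passive data (unbounded!)"))
        else:
            rules.append(("tcp", f"{lo}-{hi}", "in", "passive data range"))
    if _yes(cfg, "port_enable", "YES"):
        # Active mode: the server opens the data connection from ftp_data_port.
        rules.append(("tcp", cfg.get("ftp_data_port", "20"), "out", "active data, source port"))
    if _yes(cfg, "implicit_ssl", "NO"):
        rules.append(("tcp", "990", "in", "implicit FTPS control channel"))
    return rules


def parse_data_port(reply):
    """Extract (host, port) from a 227 PASV or 229 EPSV reply."""
    m = _PASV_RE.search(reply)
    if m:
        a, b, c, d, hi, lo = map(int, m.groups())
        return f"{a}.{b}.{c}.{d}", hi * 256 + lo
    m = _EPSV_RE.search(reply)
    if m:
        return None, int(m.group(1))
    raise ValueError(f"not a PASV/EPSV reply: {reply!r}")


def port_in_spec(port, spec):
    """True if port matches a pfSense-style port spec such as '21' or '10000-20000'."""
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-", 1))
        return lo <= port <= hi
    return port == int(spec)


def data_connection_allowed(reply, rules):
    """Would the negotiated data port pass the inbound rules on firewall B?"""
    _, port = parse_data_port(reply)
    return any(port_in_spec(port, spec)
               for proto, spec, direction, _ in rules
               if proto == "tcp" and direction == "in")


if __name__ == "__main__":
    rules = required_rules(parse_vsftpd_conf(SAMPLE_CONF))
    for r in rules:
        print("%-4s %-12s %-4s %s" % r)
    print(parse_data_port(PASV_REPLY), data_connection_allowed(PASV_REPLY, rules))
```

If pasv_min_port and pasv_max_port are left at their default of 0, the data port can be anywhere in the ephemeral range and the rule cannot be made tight, which is why pinning the range in vsftpd.conf and mirroring it in the pfSense rule is the practical fix. Active-mode transfers (port_enable) go from the server to the client, so they are never matched by firewall B's inbound IPsec rule; if clients actually use active mode the corresponding pass rule belongs on firewall A's side. Either way, a data connection the rules do not cover appears as a blocked SYN in Status > System Logs > Firewall, as Steve points out.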