<![CDATA[Active FTP from opt to LAN network]]>I'm trying to ftp from a host on one of my OPT interfaces to a host on the LAN interface.  Using active mode I can't get a data connection.  My logs show blocks from the source host on OPT to port 20 on my FTP server with a protocol listed of TCP:SA.  Rules allow full access between hosts.  The block reason is

The rule that triggered this action is:

@1 scrub in on em0 all fragment reassemble
@1 block drop in log all label "Default deny rule"

I've tried disabling the ftp proxy under system tunables, but it didn't make a difference.  Not sure if it really has any impact between interfaces?  I also tried setting my optimization setting down to conservative.

Running the 2.0 release build from September 2011.

thanks

]]>https://forum.netgate.com/topic/41327/active-ftp-from-opt-to-lan-networkRSS for NodeThu, 11 Jun 2026 22:38:19 GMTWed, 25 Jan 2012 18:09:26 GMT60<![CDATA[Reply to Active FTP from opt to LAN network on Wed, 25 Jan 2012 20:58:24 GMT]]>@marcelloc:

If you are not using ftp proxy, you need a rule to allow traffic com ftp server source prot 20 to client ip any port.

I have a rule allowing unrestricted access from the server to the client to and from any port

TCP <server ip="">* <opt subnet="">* * none   allow fs1 to imaging </opt></server>

]]>https://forum.netgate.com/post/316494https://forum.netgate.com/post/316494Wed, 25 Jan 2012 20:58:24 GMT<![CDATA[Reply to Active FTP from opt to LAN network on Wed, 25 Jan 2012 20:06:23 GMT]]>If you are not using ftp proxy, you need a rule to allow traffic com ftp server source prot 20 to client ip any port.

]]>https://forum.netgate.com/post/316488https://forum.netgate.com/post/316488Wed, 25 Jan 2012 20:06:23 GMT