FTP traffic not going out on WAN

  • Hi All,

    Situation pfSense 2.1 (latest version)

    1 nic for ISP1
    1 nic for ISP2
    1 nic for LAN
    1 nic for 4 DMZ zones (1+3VLANs)
    1 nic for wireless

    DMZ zones are x.y.20.0/24 VLANs x.y.22.0/24 x.y.26.0/24 & x.y.28.0/24

    on x.y.28.2 sits an IBM AS/400 with FTP server.

    Can connect from LAN to FTP server and get a file - no problem

    Can connect from any place in the world to x.y.28.3 to start FTP, authentication works, cd into dir ok, but when I 'get' a file, it stops.
    (switching to passive does not help)

    This is now in my firewall
    Jan 20 22:47:36 DMZxxx28 (source)x.y.28.2:21 (dest)24.64.xx.yy:43541 TCP:FPA

    Reason for the block
    @5 block drop in log inet all label "Default deny rule IPv4"

    There is a rule in DMZxxx28 that allows for this traffic to go out.

    Rule in DMZxxx28:
    ID  Proto         Source    Port  Destination  Port  Gateway    Queue
        IPv4 TCP/UDP  x.y.28.2  *     *            *     WANisp1GW  none

    And all this used to work until I rebooted my system 3 days ago…

    Since then I have Ticked ON (selected) (In System:Advanced):
    Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.
    Bypass firewall rules for traffic on the same interface

    as suggested by others in this forum, and rebooted the box again, but no luck...

    Any other ideas?



  • It's getting worse… Now I get this

    The rule that triggered this action is:
    @5 block drop in log inet all label "Default deny rule IPv4"

    On most traffic going out (e.g. IMAP on 143 cannot talk to a laptop connected via OpenVPN)

    No idea what is triggering this.

    Close to cleaning it all up and re-install - although I don't want to do that.
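
A triage sketch for log entries like the one quoted in the first post, added here as an example and not written by anyone in the thread: it separates blocked packets that open a connection (bare SYN, so no pass rule matched) from packets such as `TCP:FPA` that belong to an existing connection and were dropped because no state entry matched. It assumes the one-line layout shown in the post and pf's default of creating state only on the initial SYN; the verdict names and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Layout of the log line quoted in the first post:
# "<date> <iface> (source)<ip>:<port> (dest)<ip>:<port> TCP:<flags>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"\(source\)(?P<src>\S+):(?P<sport>\d+)\s+"
    r"\(dest\)(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<proto>[A-Z]+)(?::(?P<flags>[A-Z]+))?$"
)

def classify(line):
    """Return the parsed fields plus a verdict, or None if the line does not parse."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    if entry["proto"] != "TCP":
        entry["verdict"] = "non-tcp"
    elif entry["flags"] == "S":
        # Bare SYN: a new connection that no pass rule matched.
        entry["verdict"] = "new-connection"
    else:
        # Any other flag set belongs to an existing connection, so the
        # packet was dropped because no state entry matched it.
        entry["verdict"] = "out-of-state"
    return entry

def summarize(lines):
    """Count verdicts over many blocked-log lines, skipping unparsable ones."""
    return Counter(e["verdict"] for e in map(classify, lines) if e)

# First line is the one from the post; the rest are constructed samples.
SAMPLE = [
    "Jan 20 22:47:36 DMZxxx28 (source)x.y.28.2:21 (dest)24.64.xx.yy:43541 TCP:FPA",
    "Jan 20 22:48:02 DMZxxx28 (source)192.0.2.10:143 (dest)198.51.100.7:50211 TCP:SA",
    "Jan 20 22:48:09 WAN (source)198.51.100.9:40122 (dest)192.0.2.10:23 TCP:S",
    "Jan 20 22:48:15 WAN (source)198.51.100.9:5353 (dest)192.0.2.10:5353 UDP",
]

if __name__ == "__main__":
    for verdict, count in summarize(SAMPLE).items():
        print(f"{verdict}: {count}")
```

When most blocked entries come back as out-of-state, the thing to check is how the state was lost (expired, reset, or replies leaving by a different path than the request arrived on) rather than the pass rules on the interface.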


