    FTP traffic not going out on WAN

      peterlinuxgeek last edited by

      Hi All,

      Situation pfSense 2.1 (latest version)

      1 nic for ISP1
      1 nic for ISP2
      1 nic for LAN
      1 nic for 4 DMZ zones (1+3VLANs)
      1 nic for wireless

      DMZ zones are x.y.20.0/24 VLANs x.y.22.0/24 x.y.26.0/24 & x.y.28.0/24

      on x.y.28.2 sits an IBM AS/400 with FTP server.

      Can connect from LAN to FTP server and get a file - no problem

      Can connect from any place in the world to x.y.28.3 to start FTP, authentication works, cd into dir ok, but when I 'get' a file, it stops.
      (switching to passive does not help)

      This is now in my firewall
      block
      Jan 20 22:47:36 DMZxxx28 (source)x.y.28.2:21 (dest)24.64.xx.yy:43541 TCP:FPA

      Reason for the block
      @5 block drop in log inet all label "Default deny rule IPv4"

      There is a rule in DMZxxx28 that allows for this traffic to go out.

      Rule in DMZxxx28:
      ID Proto  Source  Port Destination Port Gateway Queue
      IPv4 TCP/UDP x.y.28.2 * *   * WANisp1GW none

      And all this used to work until I rebooted my system 3 days ago…

      Since then I have Ticked ON (selected) (In System:Advanced):
      Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.
      &
      Bypass firewall rules for traffic on the same interface

      as suggested by others in this forum, and rebooted the box again, but no luck...

      Any other ideas?

      thanks

      Peter

        peterlinuxgeek last edited by

        It's getting worse… Now I get this

        The rule that triggered this action is:
        @5 block drop in log inet all label "Default deny rule IPv4"

        On most traffic going out (ex IMAP on 143 cannot talk to a laptop connected via OpenVPN)

        No idea what is triggering this.

        Close to cleaning it all up and re-install - although I don't want to do that.

        Peter
