FTP traffic not going out on WAN



  • Hi All,

    Situation pfSense 2.1 (latest version)

    1 nic for ISP1
    1 nic for ISP2
    1 nic for LAN
    1 nic for 4 DMZ zones (1+3VLANs)
    1 nic for wireless

    DMZ zones are x.y.20.0/24 VLANs x.y.22.0/24 x.y.26.0/24 & x.y.28.0/24

    on x.y.28.2 sits an IBM AS/400 with FTP server.

    Can connect from LAN to FTP server and get a file - no problem

    Can connect from any place in the world to x.y.28.3 to start FTP, authentication works, cd into dir ok, but when I 'get' a file, it stops.
    (switching to passive does not help)

    This is now in my firewall
    block
    Jan 20 22:47:36 DMZxxx28 (source)x.y.28.2:21 (dest)24.64.xx.yy:43541 TCP:FPA

    Reason for the block
    @5 block drop in log inet all label "Default deny rule IPv4"

    There is a rule in DMZxxx28 that allows for this traffic to go out.

    Rule in DMZxxx28:
    ID  Proto         Source    Port  Destination  Port  Gateway    Queue
        IPv4 TCP/UDP  x.y.28.2  *     *            *     WANisp1GW  none

    And all this used to work until I rebooted my system 3 days ago…

    Since then I have Ticked ON (selected) (In System:Advanced):
    Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.
    &
    Bypass firewall rules for traffic on the same interface

    as suggested by others in this forum, and rebooted the box again, but no luck...

    Any other ideas?

    thanks

    Peter



  • It's getting worse… Now I get this

    The rule that triggered this action is:
    @5 block drop in log inet all label "Default deny rule IPv4"

    On most traffic going out (e.g. IMAP on 143 cannot talk to a laptop connected via OpenVPN)

    No idea what is triggering this.

    Close to cleaning it all up and re-install - although I don't want to do that.

    Peter

