Static routing - FTP download hangs
-
Hi!
We are experiencing some strange behaviour in our LAN concerning static routes. We switched to a pfSense box as our main router/firewall in our office. We have a static route to a gateway, which connects our LAN (let's call it LAN1) to another LAN (let's call it LAN2). LAN1 has the IP 192.168.1.0/24 and the pfSense box is used as the default gateway to connect to WAN. LAN2 has the IP 10.10.30.0/24. The gateway in between has the IP 192.168.1.200 on LAN1 (the other gateway is not operated by us, and it worked for years without problems).
Looks like this:
WAN --- pfSense --- LAN1 --- other gateway --- LAN2
What we did:
We added a gateway ("System > Routing > Gateways" tab) on the LAN interface (which is connected to LAN1) and a static route to 10.10.30.0/24 using this gateway.
And we checked the "Bypass firewall rules for traffic on the same interface" box on the "Advanced/Firewall/NAT" tab.
The problem: when an FTP connection to a host in LAN2 is established, everything works fine, directory listing gets transferred, file download works as expected. But the file upload hangs after a few kB of data, thus leading to an error (426: failure reading network stream - broken pipe).
FTP and even FTPS connections from LAN1 to WAN work fine in both directions.
We are using pfSense 2.2.4 full installation.
Any ideas?
-
What's the reason you configured a gateway for a known network?
Gateways tend to be used when dealing with unknown networks… No clue why your FTP fails, could be many things: policy routing going wrong, unwanted NAT getting messy, ...
More info required (screenshots of config + packet capture) & test without the gateway please.
-
Hi heper,
Thanks for your reply. The reason we have a gateway is that the network LAN2 is operated by another company (we are their customers and use their servers); the gateway does the firewalling.
In the meantime we did some testing and found out that active FTP actually works fine - just passive FTP hangs. We decided that we can live with this behaviour - although even passive FTP should work.
(If we disable the firewall (System > Advanced > Firewall/NAT "disable all packet filtering"), even passive FTP works as expected.)