Hello all,

I've configured an rb450g with the network pro firewall rules adapted like this:
- 1 isp connection
- not using proxies, natting some services to outside
- new chain to filter outgoing packets

Everything seems to be working fine, except FTP connections. Sometimes (or some ip's) i cannot get an ftp connection to work, it seems to be stucking at the list command.
I've already checked that the ftp service helper is active.

I'm using fillezilla as an ftp client, using a passive mode connection.

Any ideea what am i doing wrong?

Thanks.

do you accept related connections? maybe that is the thing, if i remember correctly, then you send simple list, and response is through related.

established and related.

testing with log rules, i cought some reply pakets with the established state, not related.

the rules are in the sanity-check chain.

that is good that you caught them, now you can move this log rule through your sanity check chain and see where you are getting rid of them. If these are related, then they should be matched by accept established and accept related.

the last chain i cought reply packets is the mangle postrouting.
packets were of the following form: public_ip:21 -> private_ip:highport

hightport was something over 50000.

should it work if i try active mode? or should i stick to making passive mode work?