FTP not working with NetworkPRO firwall settings

cata02 · January 31, 2012, 10:46am

Hello all,

I’ve configured an rb450g with the network pro firewall rules adapted like this:

1 isp connection
not using proxies, natting some services to outside
new chain to filter outgoing packets

Everything seems to be working fine, except FTP connections. Sometimes (or some ip’s) i cannot get an ftp connection to work, it seems to be stucking at the list command.
I’ve already checked that the ftp service helper is active.

I’m using fillezilla as an ftp client, using a passive mode connection.

Any ideea what am i doing wrong?

Thanks.

janisk · January 31, 2012, 11:01am

do you accept related connections? maybe that is the thing, if i remember correctly, then you send simple list, and response is through related.

cata02 · January 31, 2012, 11:04am

established and related.

testing with log rules, i cought some reply pakets with the established state, not related.

the rules are in the sanity-check chain.

janisk · January 31, 2012, 11:06am

that is good that you caught them, now you can move this log rule through your sanity check chain and see where you are getting rid of them. If these are related, then they should be matched by accept established and accept related.

cata02 · January 31, 2012, 11:10am

the last chain i cought reply packets is the mangle postrouting.
packets were of the following form: public_ip:21 → private_ip:highport

hightport was something over 50000.

should it work if i try active mode? or should i stick to making passive mode work?