Hi…
I have a problem that I don't know how to solve…
I have some rules on my firewall, and at the end, a firewall rule that drops all TCP connections that are not allowed.
I enabled port 21, which is the FTP port, and users can connect to the desired FTP server, but cannot start a transfer…
I suppose the reason is that FTP uses some other random ports, but I cannot enable all of them…
Any suggestions are welcome…
You have to allow port 20 too.
If this doesn't help, post an export of the firewall forward rules.
Hm… still not working…
Here it is:
/ ip firewall filter
add chain=forward p2p=all-p2p action=drop comment="p2p" disabled=no
add chain=forward connection-state=established action=accept comment="established connections…" disabled=no
add chain=forward protocol=tcp dst-port=53 action=accept comment="dns" disabled=no
add chain=forward protocol=udp dst-port=53 action=accept comment="dns" disabled=no
add chain=forward protocol=tcp dst-port=143 action=accept comment="imap for mail" disabled=no
add chain=forward protocol=tcp dst-port=110 action=accept comment="pop3" disabled=no
add chain=forward protocol=tcp dst-port=119 action=accept comment="news" disabled=no
add chain=forward protocol=tcp dst-port=443 action=accept comment="https" disabled=no
add chain=forward protocol=tcp dst-port=465 action=accept comment="mail" disabled=no
add chain=forward protocol=tcp dst-port=993 action=accept comment="mail" disabled=no
add chain=forward protocol=tcp dst-port=995 action=accept comment="mail" disabled=no
add chain=forward protocol=tcp dst-port=1433 action=accept comment="xice" disabled=no
add chain=forward protocol=tcp dst-port=6969 action=accept comment="xice" disabled=no
add chain=forward protocol=tcp dst-port=20 action=accept comment="ftp" disabled=no
add chain=forward protocol=tcp dst-port=21 action=accept comment="ftp" disabled=no
add chain=forward protocol=tcp src-port=20 action=accept comment="ftp" disabled=no
add chain=forward protocol=tcp src-port=21 action=accept comment="ftp" disabled=no
add chain=forward action=drop comment="other" disabled=no
Try also adding the rule chain=forward connection-state=related action=accept.
weeee
thx…
It's working…
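
Why the connection-state=related rule suggested above fixes the transfer, as an added example that is not part of the original thread: an FTP connection-tracking helper reads the data port announced on the control channel (PORT, 227 and 229 lines) and treats the next connection to that endpoint as related. This is a simplified Python model, not RouterOS code; the addresses, control lines and function names are constructed for illustration, and the port sets are copied from the rules posted above.

```python
import re

# Simplified model of an FTP connection-tracking helper (illustration only,
# not RouterOS code). Control-channel lines below are constructed samples.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d+)\1\)")

# Ports accepted by the forward rules posted in the thread.
ALLOWED_DST = {20, 21, 53, 110, 119, 143, 443, 465, 993, 995, 1433, 6969}
ALLOWED_SRC = {20, 21}


def expected_data_endpoint(line, client_ip, server_ip):
    """Return the (ip, port) a data connection will target, or None."""
    m = PORT_RE.match(line) or PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        ip = ".".join(str(n) for n in nums[:4])
        # Only trust an address that belongs to the host that sent the line.
        sender = client_ip if line.startswith("PORT") else server_ip
        if ip != sender:
            return None
        return (ip, nums[4] * 256 + nums[5])  # port = p1*256 + p2
    m = EPSV_RE.match(line)
    if m:
        return (server_ip, int(m.group(2)))  # EPSV carries the port only
    return None


def forward_verdict(src_port, dst, expectations, accept_related):
    """Verdict for a NEW TCP connection to dst=(ip, port) in the forward chain."""
    if accept_related and dst in expectations:
        return "accept"  # matches connection-state=related
    if dst[1] in ALLOWED_DST or src_port in ALLOWED_SRC:
        return "accept"  # one of the per-port rules
    return "drop"        # final drop-all rule


CLIENT, SERVER = "192.168.1.50", "203.0.113.10"
CONTROL_LINES = [
    "227 Entering Passive Mode (203,0,113,10,195,80)\r\n",
    "229 Entering Extended Passive Mode (|||50001|)\r\n",
    "PORT 192,168,1,50,19,137\r\n",
]
EXPECTATIONS = {e for e in (expected_data_endpoint(l, CLIENT, SERVER)
                            for l in CONTROL_LINES) if e}
```

In this model a passive-mode data connection to port 50000 is dropped by the final rule when only the per-port rules exist, and accepted once related connections are allowed, while an unannounced high port is still dropped.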