Community discussions

MikroTik App
 
User avatar
tneumann
Member
Member
Topic Author
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Invalid service-port

Thu May 05, 2005 12:03 am

Hi,

running 2.9rc1, if I do

[admin@MikroTik] > /ip firewall service-port print
Flags: X - disabled, I - invalid
# NAME PORTS
0 I ftp 21
1 I tftp 69
2 I irc 6667
3 X h323
4 quake3
5 mms
6 X gre
7 X pptp
[admin@MikroTik] >


Some service-port entries are marked as 'invalid'.
What does that mean and how can I make them 'valid'?

Right now I notice that I can't do non-passive FTP
sessions through a masqueraded srcnat connection,
only PASV ftp works, and I suspect this might be related
to the 'invalid' from ftp service-port?

Thanks,

--Tom
 
User avatar
andrewluck
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Thu May 05, 2005 8:26 pm

Tom

Have you got Connection Tracking turned on?

Regards

Andrew
 
User avatar
tneumann
Member
Member
Topic Author
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Thu May 05, 2005 8:35 pm

Have you got Connection Tracking turned on?
Yep, I do (it's on by default)
[admin@MikroTik] > /ip firewall connection tracking print
                   enabled: yes
      tcp-syn-sent-timeout: 2m
  tcp-syn-received-timeout: 1m
   tcp-established-timeout: 5d
      tcp-fin-wait-timeout: 2m
    tcp-close-wait-timeout: 1m
      tcp-last-ack-timeout: 30s
     tcp-time-wait-timeout: 2m
         tcp-close-timeout: 10s
               udp-timeout: 30s
        udp-stream-timeout: 3m
              icmp-timeout: 30s
           generic-timeout: 10m
[admin@MikroTik] >
Any more information I might give that might help?

Thanks,

--Tom

Who is online

Users browsing this forum: FPnut and 191 guests