Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop
Romain Lapoux wrote on Thu, Feb 11 2016 at 4:36 pm: > I did some test and does not work Since you're listing things, what are your firewall rules for traffic to/from the FTP server? If you create rules allowing all traffic to and from that IP address, do FTP connections work? -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] FTP trouble.
Hi, dont laugh. it was the f. antivirus thanks for your inrerest :) Am 11.02.2016 um 20:25 schrieb J. Echter: > Hi, > > i have a tool which uodates its data by ftp. Nothing sepcial... > > But, i cant use it as i get errors like 'no data', error 227 'entering > passive mode' and so on. > > As far as i know should passive mode be working without any afford. > > Where can i have a look what is going wrong? > > I read about FTP helper and FTP CLient Proxy, but imho FTP Helper isn't > in 2.2 anymore and was more for ftp servers behind pfsense. > > > Please, any hints are welcome :) > > Thanks. > > Juergen > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop
Hi, I did the same setup with OPNSense 16.1 + Compiled HAProxy 1.6.3 using: /sbin/kldload ipfw ipfw table 1 list ipfw table 1 add 10.124.192.1/32 ipfw table 1 add 10.124.192.2/32 ipfw table 1 add 10.124.192.3/32 ipfw table 1 add 10.124.192.4/32 ipfw table 1 list ipfw list ipfw add 10 fwd localhost tcp from 'table(1)' 22 to any in recv vmx1 ipfw add 10 fwd localhost tcp from 'table(1)' 21 to any in recv vmx1 ipfw add 10 fwd localhost tcp from 'table(1)' 49000-49500 to any in recv vmx1 ipfw list Because HAProxy & transparence client IP is not integrated. I did not get any disconnection. It work very well currently. Romain -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates Sent: Friday, February 12, 2016 16:27 To: pfSense Support and Discussion Mailing ListSubject: Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop Romain Lapoux wrote on Thu, Feb 11 2016 at 4:36 pm: > I did some test and does not work Since you're listing things, what are your firewall rules for traffic to/from the FTP server? If you create rules allowing all traffic to and from that IP address, do FTP connections work? -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop
On Wed, Feb 10, 2016 at 3:47 PM, Romain Lapouxwrote: > I am not agree, because how do you explain that all works correctly when I > disable only the firewall feature in pfSense ? > Because stateful firewalls must see both directions of traffic. If you'd just fix your routing so reply traffic comes back in the same interface the request left, things would work fine with the firewall enabled. Given the Linux routing table earlier, you likely need to check "Bypass firewall rules for traffic on the same interface" under System>Advanced, Firewall/NAT. That may be enough, depending on whether routing in other portions of your network is correct to keep things symmetrical. On Fri, Feb 12, 2016 at 6:11 PM, Romain Lapoux wrote: > Hi, > > I did the same setup with OPNSense 16.1 + Compiled HAProxy 1.6.3 using: > /sbin/kldload ipfw ... Good luck with that hot mess. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold