Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-12 Thread Steve Yates
Romain Lapoux wrote on Thu, Feb 11 2016 at 4:36 pm:

> I did some tests and it does not work

Since you're listing things, what are your firewall rules for traffic 
to/from the FTP server?

If you create rules allowing all traffic to and from that IP address, 
do FTP connections work?

--

Steve Yates
ITS, Inc.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] FTP trouble.

2016-02-12 Thread J. Echter
Hi,

Don't laugh. It was the f. antivirus

Thanks for your interest :)

On 11.02.2016 at 20:25, J. Echter wrote:
> Hi,
> 
> I have a tool which updates its data by FTP. Nothing special...
> 
> But I can't use it, as I get errors like 'no data', error 227 'entering
> passive mode' and so on.
> 
> As far as I know, passive mode should be working without any effort.
> 
> Where can I have a look at what is going wrong?
> 
> I read about FTP Helper and FTP Client Proxy, but imho FTP Helper isn't
> in 2.2 anymore and was more for FTP servers behind pfSense.
> 
> 
> Please, any hints are welcome :)
> 
> Thanks.
> 
> Juergen


Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-12 Thread Romain Lapoux
Hi,

I did the same setup with OPNSense 16.1 + Compiled HAProxy 1.6.3 using:
/sbin/kldload ipfw
ipfw table 1 list
ipfw table 1 add 10.124.192.1/32
ipfw table 1 add 10.124.192.2/32
ipfw table 1 add 10.124.192.3/32
ipfw table 1 add 10.124.192.4/32
ipfw table 1 list
ipfw list
ipfw add 10 fwd localhost tcp from 'table(1)' 22 to any in recv vmx1
ipfw add 10 fwd localhost tcp from 'table(1)' 21 to any in recv vmx1
ipfw add 10 fwd localhost tcp from 'table(1)' 49000-49500 to any in recv vmx1
ipfw list
Because HAProxy & transparence client IP is not integrated.

I did not get any disconnection.

It works very well currently.

Romain


-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates
Sent: Friday, February 12, 2016 16:27
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] Bug? Firewall disable no random connection drop,
firewall enable random connection drop

Romain Lapoux wrote on Thu, Feb 11 2016 at 4:36 pm:

> I did some tests and it does not work

Since you're listing things, what are your firewall rules for
traffic to/from the FTP server?

If you create rules allowing all traffic to and from that IP
address, do FTP connections work?

--

Steve Yates
ITS, Inc.



Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-12 Thread Chris Buechler
On Wed, Feb 10, 2016 at 3:47 PM, Romain Lapoux wrote:
> I do not agree, because how do you explain that everything works correctly
> when I disable only the firewall feature in pfSense?
>

Because stateful firewalls must see both directions of traffic. If
you'd just fix your routing so reply traffic comes back in the same
interface the request left, things would work fine with the firewall
enabled. Given the Linux routing table earlier, you likely need to
check "Bypass firewall rules for traffic on the same interface" under
System>Advanced, Firewall/NAT. That may be enough, depending on
whether routing in other portions of your network is correct to keep
things symmetrical.


On Fri, Feb 12, 2016 at 6:11 PM, Romain Lapoux wrote:
> Hi,
>
> I did the same setup with OPNSense 16.1 + Compiled HAProxy 1.6.3 using:
> /sbin/kldload ipfw
...

Good luck with that hot mess.
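
One way to confirm the asymmetric routing discussed in this thread, as an added example that is not from any of the posters: scan a capture taken on the firewall's interface for TCP flows where only the initiator's packets are visible. The capture lines and the client address 192.0.2.10 are constructed for illustration; the server addresses are taken from the ipfw table quoted above.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines as seen on the firewall interface (not from the thread).
# 192.0.2.10 is a hypothetical client; 10.124.192.1 and .2 come from the quoted ipfw table.
SAMPLE = """\
12:00:01.000 IP 192.0.2.10.51000 > 10.124.192.1.21: Flags [S], seq 100
12:00:01.050 IP 192.0.2.10.51000 > 10.124.192.1.21: Flags [.], ack 501
12:00:01.100 IP 192.0.2.10.51000 > 10.124.192.1.21: Flags [P.], seq 101:120, ack 501
12:00:02.000 IP 192.0.2.10.51001 > 10.124.192.2.22: Flags [S], seq 900
12:00:02.010 IP 10.124.192.2.22 > 192.0.2.10.51001: Flags [S.], seq 300, ack 901
12:00:02.020 IP 192.0.2.10.51001 > 10.124.192.2.22: Flags [.], ack 301
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

def parse(text):
    """Yield (src, sport, dst, dport, flags) for each TCP line that matches."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            yield src, int(sport), dst, int(dport), flags

def one_sided_flows(text):
    """Return (initiator, responder) pairs where no reply packet was ever seen."""
    counts = defaultdict(lambda: {"fwd": 0, "rev": 0})
    initiator = {}
    for src, sport, dst, dport, flags in parse(text):
        a, b = (src, sport), (dst, dport)
        key = tuple(sorted([a, b]))      # same key for both directions of a flow
        if flags == "S":                 # bare SYN marks who opened the connection
            initiator.setdefault(key, a)
        if key not in initiator:
            continue                     # mid-stream packet without a SYN: ignored here
        counts[key]["fwd" if a == initiator[key] else "rev"] += 1
    # More than one initiator packet with zero replies means the handshake
    # completed over a path the firewall cannot see, i.e. asymmetric routing.
    return sorted(
        (initiator[k], next(e for e in k if e != initiator[k]))
        for k, c in counts.items()
        if c["fwd"] > 1 and c["rev"] == 0
    )

if __name__ == "__main__":
    for client, server in one_sided_flows(SAMPLE):
        print("reply traffic never seen:", client, "->", server)
```

Flows reported here are the ones a stateful filter cannot track correctly, which is the condition the routing fix or the "Bypass firewall rules for traffic on the same interface" option is meant to address.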