hello
since 8.302 upgrade, I cannot access anymore to external FTP sites using our internal interface. This interface is proxied for http/ftp traffic. The client simply tries to reach FTP sites for a long time, then the browser returns an error (it is not an astaro error). If I try to remove FTP service from Allowed Target Services, I obviously get and Astaro error (target service not allowed). So the proxy is configured correctly.
Anyway I noticed these entries in packetfilter log (where 129.35.224.115 is the ip of external ftp site):
2012:06:07-10:25:32 mywirewallname ulogd[5666]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" srcmac="00:00:00:00:00:00" dstmac="11:11:11:11:11:11" srcip="129.35.224.115" dstip="MY PUBLIC WAN INTERFACE IP ADDRESS" proto="6" length="85" tos="0x00" prec="0x40" ttl="48" srcport="21" dstport="40222" tcpflags="ACK PSH"
2012:06:07-10:25:32 mywirewallname ulogd[5666]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" srcmac="00:00:00:00:00:00" dstmac="11:11:11:11:11:11" srcip="129.35.224.115" dstip="MY PUBLIC WAN INTERFACE IP ADDRESS" proto="6" length="89" tos="0x00" prec="0x40" ttl="48" srcport="21" dstport="40222" tcpflags="ACK PSH FIN"
any idea?
since 8.302 upgrade, I cannot access anymore to external FTP sites using our internal interface. This interface is proxied for http/ftp traffic. The client simply tries to reach FTP sites for a long time, then the browser returns an error (it is not an astaro error). If I try to remove FTP service from Allowed Target Services, I obviously get and Astaro error (target service not allowed). So the proxy is configured correctly.
Anyway I noticed these entries in packetfilter log (where 129.35.224.115 is the ip of external ftp site):
2012:06:07-10:25:32 mywirewallname ulogd[5666]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" srcmac="00:00:00:00:00:00" dstmac="11:11:11:11:11:11" srcip="129.35.224.115" dstip="MY PUBLIC WAN INTERFACE IP ADDRESS" proto="6" length="85" tos="0x00" prec="0x40" ttl="48" srcport="21" dstport="40222" tcpflags="ACK PSH"
2012:06:07-10:25:32 mywirewallname ulogd[5666]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" srcmac="00:00:00:00:00:00" dstmac="11:11:11:11:11:11" srcip="129.35.224.115" dstip="MY PUBLIC WAN INTERFACE IP ADDRESS" proto="6" length="89" tos="0x00" prec="0x40" ttl="48" srcport="21" dstport="40222" tcpflags="ACK PSH FIN"
any idea?