Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 1236 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Portscan detection (blackhole) + ProFTP/ FTP

Jens Hauser
Hi all,

we are experiencing the following problem:

We are running an FTP-Server behind an Astaro within a DMZ. Traffic to the external IP address (on Astaro) is natted to the private address of the FTP server.
This works fine so far if we do not enable the Portscan option "drop (blackhole)". If this option is enabled, random transfer problems occur in active ftp mode if someone from outside OR inside tries to send multiple files to the DMZ FTP server. In passive mode it works "better", but sometimes also transfer hangs. All those problems are also notified by the firewall as a Portscan!

Any ideas?

Best regards,
Jens
   


This thread was automatically locked due to age.
  • 0
    Jens Hauser,

    psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1

    is the related filter line. It explains why the psd detection happens less if using high ports (>1023). 
    To prevent ftp connections of being dropped you could exclude the ftp server from portscan detection.

    read you
    o|iver