This is the problem: web-server lies in DMZ, it has allowed in 21+20 (ftp+ftp-control) as usually, and connections are allowed out orginating from port 20. Now this setup work with standard (or used to work) with iptables and conntrack, this setup has worked for years now..
with iptables. Now we've just moved to ASG220 appliance and enabled connection tracking and made the same rules with webadmin.
However, now none of FTP-connections work: neither active nor passive.
So this is what I am looking:
- both passive and active FTP work
- only ports 21/20 inbound/outbound open (opening all ports/highports are NOT an option)
- FTP-connections are tracked.
*solved*
This thread was automatically locked due to age.
