Port forwarding of FTP is getting blocked by firewall

I have port forwarding working well with a variety of ports but two seem to be causing a problem.

Ports 20 and 21 are being forwarded from the outside to an internal FTP server but they are getting blocked by the firewall.
On the port forward setup screen I have it like this:

Protocol: TCP
Origin port: 20:21
Destination port: (blank)
Destination host: (internal server)
Allow only from: (blank)
Description: FTP1

This is a typical error in the firewall log:
pr 27 10:57:15 firewall kernel: Shorewall:net2ovpn:DROP:IN=eth1 OUT=tun0 SRC=70.210.48.114 DST=192.168.1.99 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=43850 DF PROTO=TCP SPT=9994 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0

Any ideas why?

Are you accessing the ftp server from a client connected through an openvpn link?

Nope? I’ve not even figured out how to make the VPN work yet.

Then, I believe that you have some network address issues.
From the firewall.log you can see that the firewall is routing traffic to the vpn.
Could you please share the output of

db networks show

?

eth0=ethernet
    bootproto=none
    device=eth0
    gateway=192.168.1.99
    hwaddr=00:50:56:B2:19:92
    ipaddr=192.168.1.99
    netmask=255.255.255.0
    onboot=yes
    role=green
eth1=ethernet
    bootproto=none
    gateway=xxx.yyy.zzz.mmm
    hwaddr=00:50:56:b2:01:8b
    ipaddr=xxx.yyy.zzz.qqq
    netmask=255.255.255.0
    role=red

BTW filippo:

I don’t know if this Southern phrase will translate but I’m still a lost ball in high weeds with respect to the VPN. Like I said, I’ve not figured out how to make it work yet.

Arch

Could you please try to remove the gateway from the green (lan) interface?
Then please try to remove all vpn configs.
I can’t figure out the error, but the ftp packets are dnatted to the ip of the firewall instead of the internal server (btw, what’s the ip of the internal ftp server?).
I think that we also need to see the output of:
db portforward show
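
An added example, not part of the thread: a small Python check that reads a Shorewall log line like the one quoted above and flags the two symptoms discussed, a DST equal to one of the firewall's own addresses and an OUT interface that is a tunnel. The function names are hypothetical, the sample line is constructed from the quoted log, and splitting the chain name on the first "2" assumes Shorewall's default zone2zone chain naming.

```python
import re

# Constructed sample, shortened from the log line quoted in the thread.
SAMPLE_LOG = ("firewall kernel: Shorewall:net2ovpn:DROP:IN=eth1 OUT=tun0 "
              "SRC=70.210.48.114 DST=192.168.1.99 LEN=48 DF PROTO=TCP "
              "SPT=9994 DPT=21 SYN URGP=0")

# The firewall's own green address, taken from the `db networks show` output.
LOCAL_ADDRS = {"eth0": "192.168.1.99"}

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):(?P<fields>.*)")


def parse_shorewall(line):
    """Return a dict of the chain, action and KEY=VALUE fields, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        rec[key] = val if sep else True  # bare tokens such as SYN or DF are flags
    # Assumption: default chain naming <source zone>2<destination zone>.
    rec["src_zone"], _, rec["dst_zone"] = rec["chain"].partition("2")
    return rec


def diagnose(rec, local_addrs):
    """List the reasons this logged packet looks misrouted."""
    findings = []
    for ifname, addr in local_addrs.items():
        if rec.get("DST") == addr:
            findings.append(f"DST {addr} is the firewall's own {ifname} address, "
                            "not an internal server")
    if rec.get("OUT", "").startswith(("tun", "tap")):
        findings.append(f"packet was routed out {rec['OUT']} "
                        f"(zone {rec['dst_zone']}), a tunnel interface")
    return findings


if __name__ == "__main__":
    record = parse_shorewall(SAMPLE_LOG)
    print(record["chain"], record["action"], "port", record["DPT"])
    for finding in diagnose(record, LOCAL_ADDRS):
        print(" -", finding)
```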