My BM drops packets from port 21 of the reverse proxy back to the external
device.
Craig Johnson wrote on such a problem "You want to avoid overlapping ftp
stateful exceptions."
In which case are FTP stateful exceptions overlapping?
I have 3 public interfaces, all dynamic nat only.
I have
#1 filters to allow traffic from the proxy to anywhere like
EXCLUDE ENABLED NOLOG, INTRFACE:PUB_ROUTER IP:192.168.181.17, IP:pid=TCP
port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:PUB_ROUTER, enable ftp
from proxy
#2 filters to allow traffic from a specific host inside to a specific host
outside (without authentication) like
EXCLUDE ENABLED NOLOG, INTRFACE:PRV_E IP:192.168.183.1, IP:pid=TCP
port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:PUB_INET IP:z.y.x.w,
enable ftp from inside ?? to outside ??
#3 filters to allow access to the reverse proxy like
EXCLUDE ENABLED NOLOG, INTRFACE:PUB_ROUTER IP:192.168.181.22, IP:pid=TCP
port=21 srcport=<All> ackfilt=0 stfilt=1, INTRFACE:PUB_ROUTER
IP:192.168.181.17, enable ftp from access router to proxy