pve-manager/3.4-1/3f2d890e (running kernel: 3.10.0-5-pve), default OUT policy to REJECT, an external ftp server I need to access to save backups there.
I've added nf_conntrack_ftp in /etc/modules, and added a rule with FTP macro to let out traffic go for that protocol (and destination IP) and rebooted. An lsmod shows nf_conntrack_ftp to be present.
Code:
# ftp -p -n <FTP_SERVER_IP>
[...]
ftp> ls
227 Entering Passive Mode
ftp: connect: Connection refused
ftp>
and in the firewall log
Code:
0 6 PVEFW-HOST-OUT 01/Jan/1970:01:00:00 +0100 policy REJECT: OUT=vmbr0 SRC=<MY_SRC_IP> DST=<FTP_SERVER_IP> [...] DF PROTO=TCP SPT=38434 DPT=28679
otherwise if I add at the top a "pass all" our rule, everything works
Code:
ftp> ls
227 Entering Passive Mode
150 Accepted data connection
drwxr-xr-x 2 1001 ftp 4096 Feb 6 15:55 dump
drwxr-xr-x 3 1001 ftp 4096 Feb 6 15:55 template
226 2 matches total
Any tip?