Hello:
I have a piece of instrumentation that is doing passive ftp to a host inside the GRE/IPSec and to a host outside the vpn. On my RUT950s with FW 6.08.6 both work fine.
On my new fleet of RUT951s running 7.02.7, only the ftp through the GRE/IPsec works; the ftp to the host outside the vpn does not.
I installed tcpdump-mini and monitored the traffic; the traffic from the instrument goes out but it's never answered.
I also installed lftp onto the RUT951 and connected to the host outside the vpn, and it works from there. It appears some strange FW rule is blocking the return passive ftp traffic that is outside the GRE/IPSec tunnel.
Can someone suggest how to fix this? I’m a complete novice with iptables.
Cheers,
john