RUT950 on 06.08.6 allows ftp, RUT951 on 7.02.7 does not

Hello:
I have a piece of instrumentation that is doing passive ftp to a host inside the GRE/IPSec and to a host outside the vpn. On my RUT950s with FW 6.08.6 both work fine.
On my new fleet of RUT951s running 7.02.7 only the ftp through the GRE/IPsec works, the ftp to the host outside the vpn does not.
I installed tcpdump-mini and monitored the traffic, the traffic from the instrument goes out but its never answered.
I also installed lftp onto the RUT951 and connect to the outside the vpn and it works from there. It appears some strange FW rule is blocking the return passive ftp traffic that is outside teh GRE/IPSec tunnel.
Can someone suggest how to fix this. I’m a complete novice with IPtables.

Cheers,
john

You are using ancient software, update and see if it impoved.

Which SW is ancient?

If something is working, we leave it. The older FW is the one that works, its the newer one that is broken.

cheers,
john

Both are old. The 7.02 is about 2 years old.

We have also tested 7.3.4 on the RUT951, same issue.
So, the only router that works properly are the old RUT950 units on 6.8.6.
cheers,
john

7.08 is the latest so you are still far away from the latest

This topic was automatically closed after 15 days. New replies are no longer allowed.