General Questions

Hey,
since i've put Monowall into my LAN, i've noticed i can't upload files to any FTP server in the Internet (from all PCs in LAN). Can download tho.
Where can be the problem? Thx in advance for any ideas.
-kOk-

Btw., got ADSL modem > DMZ > M0n0wall. Everything else works as it's supposed to. Except the damn FTP uploading...

Have you tried setting up a rule in the firewall to FIRST allow all up-going FTP traffic?  That'd be my first move, granted...it doesn't always seem to work, but it makes sense that it would work.

That is to say, as far as your up-going (Lan -> Wan) firewall settings go, the first rule should be something important, but for testing purposes, I'd just tell it to allow all FTP traffic.

If that doesn't solve the problem, look at the down-going settings (Wan -> Lan)  and open up FTP the same way there too.

I'm having a similar problem so I feel for ya, Good luck.

Yup, i've tried like everything. What makes the best sense to me is following fw settings:

Action: Pass
Interface: WAN
Protocol: TCP
Source: LAN Subnet, Port: 21 (FTP)
Destination: WAN Address, Port: 21 (FTP)

But still doesn't work.
If I remove monowall, and put my laptop behind ADSL modem instead, everything works fine.

try leaving more and more things open while you're trying to be diagnostic, set options that have an "any" setting to "any", such as protocol.

I don't think i've had problems with FTP, but I can't remember at the moment.

just for the sake of science, why don't you set your firewall to have *everything* going up passed and *everything* coming down passed, essentially disabling your firewall.

at this point, if I were you, i'd be checking to see if the individual parts of m0n0wall were starting to not work so well together.

If you're using the "DMZ" functionality of your modem, assuming it's the bastardized definition of DMZ that's used by many modem vendors, you're NAT'ing traffic twice. NAT and FTP don't play well together, and really don't play well together when you double NAT. It's some sort of bad interaction between m0n0wall's FTP proxy and likely a FTP proxy in your modem.

Solution? I have no idea, depends on exactly what's happening and how your modem behaves. If you can do away with the "DMZ" on the modem and get the public IP directly assigned on m0n0wall's WAN, this problem will go away because your double NAT will go away.

THANK YOU THANK YOU THANK YOU!
You were right, ADSL modem's DMZ is weird. I bridged all trafic to m0n0wall's WAN IF instead, aaaaaand BINGO!
cheers!