My computer has the address 172.21.163.80 and I connect to the remote FTP server 93.185.104.24.
I have a rule:
config rule
	option name 'ftp'
	option src 'lan'
	list src_ip '172.21.163.80/29'
	option dest 'wan'
	option dest_port '21'
	option target 'ACCEPT'
	option helper 'ftp'
	option family 'ipv4'
	list proto 'tcp'
And that doesn't work.
On the LAN I see outgoing packets:
root@www:~# tcpdump -n -i br-lan host 93.185.104.24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
17:10:35.520592 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:10:36.522451 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:10:38.529306 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:10:42.540960 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:10:50.550765 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
But I don't see any packets on the WAN.
However, when I add a rule:
config rule
	option name 'FTP server'
	option src 'lan'
	option dest 'wan'
	list dest_ip '93.185.104.24'
	option target 'ACCEPT'
	list proto 'tcp'
	option family 'ipv4'
then everything works and I see packets on LAN and WAN:
root@www:~# tcpdump -n -i br-lan host 93.185.104.24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
17:50:04.017274 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [S], seq 2837568723, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:50:04.021194 IP 93.185.104.24.21 > 172.21.163.80.60745: Flags [S.], seq 830974324, ack 2837568724, win 17920, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
17:50:04.021534 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [.], ack 1, win 1026, length 0
17:50:04.046342 IP 93.185.104.24.21 > 172.21.163.80.60745: Flags [P.], seq 1:10, ack 1, win 140, length 9: FTP: 220 FTP
17:50:04.057676 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [P.], seq 1:18, ack 10, win 1026, length 17: FTP: USER
17:50:04.061990 IP 93.185.104.24.21 > 172.21.163.80.60745: Flags [.], ack 18, win 140, length 0
17:50:04.062319 IP 93.185.104.24.21 > 172.21.163.80.60745: Flags [P.], seq 10:48, ack 18, win 140, length 38: FTP: 331 Password required for
17:50:04.105825 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [.], ack 48, win 1026, length 0
17:50:06.412526 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [P.], seq 18:24, ack 48, win 1026, length 6: FTP: QUIT
17:50:06.416122 IP 93.185.104.24.21 > 172.21.163.80.60745: Flags [P.], seq 48:62, ack 24, win 140, length 14: FTP: 221 Goodbye.
17:50:06.416399 IP 93.185.104.24.21 > 172.21.163.80.60745: Flags [F.], seq 62, ack 24, win 140, length 0
17:50:06.418580 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [.], ack 63, win 1026, length 0
17:50:06.430243 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [R.], seq 24, ack 63, win 0, length 0
Where could the problem be?
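
The LAN/WAN comparison made in the post above, as an added example that is not part of the original post: it reads `tcpdump -n` text from both sides of the router and reports where the TCP handshake to the FTP server stops. The function names `handshake` and `locate_drop` and the sample constants are hypothetical; the sample lines are constructed by shortening the captures in the post.

```python
import re

# Constructed samples: tcpdump -n lines shortened from the captures in the post.
LAN_RULE1 = """\
17:10:35.520592 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, length 0
17:10:36.522451 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, length 0
17:10:38.529306 IP 172.21.163.80.55514 > 93.185.104.24.21: Flags [S], seq 718708166, win 64240, length 0
"""
WAN_RULE1 = ""  # the post reports no packets on the wan side with the first rule
LAN_RULE2 = """\
17:50:04.017274 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [S], seq 2837568723, win 64240, length 0
17:50:04.021194 IP 93.185.104.24.21 > 172.21.163.80.60745: Flags [S.], seq 830974324, ack 2837568724, win 17920, length 0
17:50:04.021534 IP 172.21.163.80.60745 > 93.185.104.24.21: Flags [.], ack 1, win 1026, length 0
"""
SERVER = "93.185.104.24.21"  # tcpdump -n notation: address.port

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def handshake(capture, server):
    """Count bare SYNs sent to `server` and SYN-ACKs it sent back."""
    syn = synack = 0
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip tcpdump banner lines and non-TCP output
        src, dst, flags = m.groups()
        if flags == "S" and dst == server:
            syn += 1
        elif flags == "S." and src == server:
            synack += 1
    return syn, synack

def locate_drop(lan_capture, wan_capture, server):
    """Compare both sides of the router. Only the server endpoint is matched,
    because the client address is normally rewritten by NAT on the wan side."""
    lan_syn, lan_synack = handshake(lan_capture, server)
    wan_syn, _ = handshake(wan_capture, server)
    if lan_syn == 0:
        return "client sent no SYN"
    if lan_synack:
        return "handshake answered"
    if wan_syn == 0:
        return "SYN not forwarded by the router"
    return "SYN forwarded, no reply from upstream"

if __name__ == "__main__":
    print(locate_drop(LAN_RULE1, WAN_RULE1, SERVER))
```
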