EFW Support

Support => General Support => Topic started by: DrDamnit on Monday 14 December 2009, 11:05:22 am



Title: DNAT
Post by: DrDamnit on Monday 14 December 2009, 11:05:22 am
I created a port forward (DNAT) that just won't work for some reason.

Access from: Any
Target Type: Any Uplink
Filter Policy: ALLOW
Service: User Defined, tcp 990
Translate to IP: 192.168..
DNAT Policy: DNAT
Port Range {blank}
Status: Enabled.

grc.com Shields Up port scan says that this port is stealth. nmap from outside the network shows no response, and I cannot log into the FTPS server that is behind the firewall. This all used to work when I had EFW 2.x RC1. Upgraded, and have had problems ever since.

What am I doing wrong?


Title: Re: DNAT
Post by: Ed34222 on Wednesday 31 March 2010, 03:05:13 am

EFW has a bad Snort preprocessor rule that flags FTPS and FTPES as bad, and another one that bounces the packets instead of just giving a false positive warning. I have tried to override these entries in snort.conf; but EFW puts them back whenever I restart the IPS.

If anyone has another file or location I can use to set up an override for that preprocessor, please let me know.

The problem was documented in a Snort forum post. The solution was to change the preprocessor setting for the FTP encryption test from yes to no.

To fix it, log in to your EFW using SSH and modify /etc/snort/snort.conf.tmpl.
It looked like the following should have fixed it; but it only turned off the warning:
preprocessor ftp_telnet: global \
    encrypted_traffic yes \
    inspection_type stateful

And change the yes to no.

I don't know if my final solution was the best one or not; but I remarked out all the ftp_telnet preprocessor lines and it worked.

If anyone out there has a better solution, please let us know. Thanks.
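The two template edits Ed34222 describes, as an added shell example that is not part of the thread and not Endian's own tooling. It applies either change to whatever file is passed in, keeps a .bak copy, and includes a check that reports the resulting state, so it can be tried on a throwaway copy before touching the real template. The path /etc/snort/snort.conf.tmpl and the observation that EFW regenerates snort.conf from it on IPS restart come from the post; the sample template content is constructed, and the rule that a preprocessor directive continues onto the next line while the current line ends in a backslash is an assumption about Snort's config syntax.

```shell
#!/bin/sh
# Added example, not from the thread or from Endian. Edits a Snort config
# template the way Ed34222's post describes, on whatever file is passed in.
# Assumptions: /etc/snort/snort.conf.tmpl is the file EFW regenerates
# snort.conf from (per the post), and a preprocessor directive continues
# onto the next line while the current line ends in a backslash.

# Constructed sample template, modelled on the fragment quoted in the thread.
make_sample_template() {
    cat > "$1" <<'EOF'
# constructed sample, not a real EFW template
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
preprocessor ftp_telnet: global \
    encrypted_traffic yes \
    inspection_type stateful
preprocessor ftp_telnet_protocol: ftp server default \
    ports { 21 }
EOF
}

# Option 1 (the Snort forum fix): flip "encrypted_traffic yes" to "no".
# Keeps a .bak copy so the change can be reverted.
disable_encrypted_traffic_check() {
    f=$1
    cp "$f" "$f.bak"
    sed 's/^\([[:space:]]*encrypted_traffic[[:space:]][[:space:]]*\)yes/\1no/' "$f" \
        > "$f.tmp" && mv "$f.tmp" "$f"
}

# Option 2 (what Ed34222 ended up doing): comment out every ftp_telnet
# preprocessor directive, including its backslash-continued lines.
comment_out_ftp_telnet() {
    f=$1
    cp "$f" "$f.bak"
    awk '
        /^preprocessor ftp_telnet/ { inblock = 1 }
        inblock {
            print "# " $0
            if ($0 !~ /\\[[:space:]]*$/) inblock = 0
            next
        }
        { print }
    ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Value of encrypted_traffic in the active (uncommented) config, or empty.
encrypted_traffic_value() {
    grep -v '^[[:space:]]*#' "$1" \
        | sed -n 's/^[[:space:]]*encrypted_traffic[[:space:]][[:space:]]*\([a-z]*\).*/\1/p'
}

# Number of ftp_telnet preprocessor directives still active.
active_ftp_telnet_count() {
    grep -c '^preprocessor ftp_telnet' "$1" || true
}

# Stand-alone demo on a throwaway copy; against the real template you would
# run: disable_encrypted_traffic_check /etc/snort/snort.conf.tmpl
demo=$(mktemp)
make_sample_template "$demo"
disable_encrypted_traffic_check "$demo"
echo "after option 1: encrypted_traffic=$(encrypted_traffic_value "$demo")"
comment_out_ftp_telnet "$demo"
echo "after option 2: active ftp_telnet directives=$(active_ftp_telnet_count "$demo")"
rm -f "$demo" "$demo.bak"
```

Run the demo first, then point the function at the real template and restart the IPS from the EFW web interface so the regenerated snort.conf picks up the template change; editing snort.conf directly is exactly what the post says gets overwritten. Prefer option 1 when it works: option 2 removes Snort's FTP and Telnet inspection entirely, which is the trade-off Ed34222 is asking about. DrDamnit's symptom (port reported stealth, no nmap response, NAT rule enabled) is consistent with the IPS dropping the packets in-line rather than the DNAT rule being wrong; running tcpdump on the firewall while the external scan runs shows whether the SYN arrives and whether anything goes back.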