wrote: Biggest gotcha: applying the firewall modify rule should be:
set interfaces switch switch0 firewall in modify FTP
Moreover, you're using rule number 21; this is unrelated to FTP being port 21 (but still fine).
The current rule takes all UDP and TCP traffic, whereas FTP is TCP only.
It filters on your default gateway1 address; this will (almost) never be the source of FTP traffic.
For forcing FTP clients to use route 1:
Note: I'm not sure the PBR firewall rule is also handled statefully, so you might run into trouble with passive FTP, which uses unknown high ports for data transfer. So use active FTP mode.
set firewall modify FTP rule 21 description "FTP PBR"
set firewall modify FTP rule 21 destination port 20,21
set firewall modify FTP rule 21 protocol tcp
set firewall modify FTP rule 21 modify table 1
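A complete version of the setup sketched in the reply above, as an added example and not the poster's own configuration. The interface (switch0), the ruleset name (FTP), rule 21 and table 1 are taken from the thread; the next-hop address 192.0.2.1 for route 1 and the final `show ip route table 1` check are assumptions, so substitute your own gateway.

```text
configure

# Routing table 1 = "route 1": a default route via the second gateway.
# 192.0.2.1 is an assumed address; replace it with your real next hop.
set protocols static table 1 route 0.0.0.0/0 next-hop 192.0.2.1

# Modify ruleset for FTP. Match on protocol tcp (not tcp_udp) and on the
# destination ports only; no source-address match, so the rule is not tied
# to a gateway address.
set firewall modify FTP rule 21 description "FTP PBR"
set firewall modify FTP rule 21 protocol tcp
set firewall modify FTP rule 21 destination port 20,21
set firewall modify FTP rule 21 modify table 1

# Apply the ruleset inbound on the LAN-side interface, i.e. to packets
# arriving from the FTP clients, not on a WAN interface.
set interfaces switch switch0 firewall in modify FTP

commit
save
exit

# Assumed check from operational mode: confirm table 1 holds the route.
show ip route table 1
```

Only the control connection (port 21) and active-mode data connection (port 20) match rule 21. As the reply notes, passive-mode data connections use unpredictable high ports, so with this ruleset alone they will not match, and the original reply leaves open whether the modify rule tracks them as part of the session; test with active mode first.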
Would this solution work properly with ephemeral ports being used with the FTP connection?
I usually add a rule with high priority to accept any packet with a session state of related or established. Would that direct the ephemeral port traffic (or established traffic on the same port) through the corresponding route table that the original traffic was sent through? I am never clear on how the additional packets are handled on a stateful firewall.