ftp access

fbsd_user fbsd_user at a1poweruser.com
Tue Dec 30 05:26:40 PST 2003


The FTP protocol has two modes, active and passive. In active mode
the remote FTP server will request an inbound connection for the
data connection and you have no rule to allow it in. In passive mode
the requesting FTP session issues the data connection which your
rules allow. To fix the problem and still keep your tight firewall,
all you have to do is tell the FTP client program you are using to
default to passive mode and then everything will work without any
changes to your ipfw rules.

-----Original Message-----
From: owner-freebsd-ipfw at freebsd.org
[mailto:owner-freebsd-ipfw at freebsd.org]On Behalf Of al vanyushenkov
Sent: Tuesday, December 30, 2003 4:27 AM
To: freebsd-ipfw at freebsd.org
Subject: ftp access

Hi all!

I use FreeBSD 4.8 with ipfw2

I have ipfw rules

...
check-state
...
allow udp from me to any 21 keep-state out via rl0
allow tcp from me to any 21 setup keep-state out via rl0
deny all from any to any

rl0 is my internet interface.

When I tried to use ftp I connected, ls successfully,
but when I tried to get or put files I got records in ipfw.log
deny tcp x.x.x.x:20 y.y.y.y:z

where x.x.x.x is remote ip address
y.y.y.y is my ip address

Does anybody know what rules should I add to allow tcp connections
from me
and deny all connections from outside to me.

Thanks
vanyushenkov alexey
adm at ruskhleb.ru

_______________________________________________
freebsd-ipfw at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to
"freebsd-ipfw-unsubscribe at freebsd.org"
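
Added example, not part of the original thread: a short Python sketch that decodes the FTP `PORT` command and `227` passive reply (RFC 959) to show which side opens the data connection, and picks the resulting active-mode denies out of ipfw log lines. The function names, the addresses, the rule number 65000 and the full log line layout (the usual ipfw syslog form, which the post abbreviates) are assumptions made for illustration.

```python
import re

# Six comma-separated octets: h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 reply).
HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
# Assumed ipfw log body: "ipfw: <rule> Deny TCP src:port dst:port in via <if>"
DENY = re.compile(
    r"ipfw: (\d+) Deny TCP ([\d.]+):(\d+) ([\d.]+):(\d+) (in|out) via (\S+)")

def data_channel(control_line):
    """Return (mode, who_connects, ip, port) for a PORT command or 227 reply."""
    m = HOSTPORT.search(control_line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ".".join(map(str, octets[:4]))
    port = octets[4] * 256 + octets[5]
    if control_line.upper().startswith("PORT"):
        # Client listens; the server dials in, conventionally from port 20.
        return ("active", "server", ip, port)
    if control_line.startswith("227"):
        # Server listens; the client dials out, so the firewall sees an
        # outbound connection rather than an unsolicited inbound one.
        return ("passive", "client", ip, port)
    return None

def active_ftp_denies(log_lines):
    """Denied inbound TCP from source port 20: active-mode data connections."""
    hits = []
    for line in log_lines:
        m = DENY.search(line)
        if m and m.group(3) == "20" and m.group(6) == "in":
            hits.append((m.group(2), m.group(4), int(m.group(5))))
    return hits

# Constructed sample data (documentation addresses, not from the post).
SAMPLE_LOG = [
    "Dec 30 04:20:01 gw /kernel: ipfw: 65000 Deny TCP 192.0.2.10:20 198.51.100.5:49153 in via rl0",
    "Dec 30 04:20:09 gw /kernel: ipfw: 65000 Deny TCP 203.0.113.7:4444 198.51.100.5:22 in via rl0",
]

if __name__ == "__main__":
    print(data_channel("PORT 198,51,100,5,192,1"))
    print(data_channel("227 Entering Passive Mode (192,0,2,10,195,80)"))
    print(active_ftp_denies(SAMPLE_LOG))
```

The denied destination port in the first sample line equals the port the client announced in its `PORT` command, which is how a log entry can be tied back to an active-mode transfer.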
