Passive FTP ipfw issue
Kevin Reiter
kevin at njcs-online.net
Wed Jul 2 20:37:00 PDT 2003
> The problem is that the dynamic rule 00510 will expire in 20 seconds
> (lifetime control net.inet.ip.fw.dyn_syn_lifetime=20). The connection timer
> seems to indicate that it's
> waiting for a completed 3-way handshake and hasn't seen the other SYN.
>
> Is there anything wrong with these rules? What am I missing ?
>
What do you have in natd.conf? I'm running 4.7-RELEASE myself and have a
Win32 FTP server on my inside net that is visible to the outside, and I have
1 line in /etc/natd.conf that redirects all requests to port 21 to my inside
server (no anon logins.) I don't have anything in my firewall rules (should
I?) for FTP.
use_sockets yes
same_ports yes
dynamic yes
#For FTP to Zeus:
redirect_port tcp 192.168.0.5:21 21
Mind you, I'm no rocket scientist or BSD expert, but I've been using this
since January, and it's been working for me OK so far.
(...and yes, I know...OE is evil, but I was in the middle of playing
NeverwinterNights and needed a break =)
Hope this helps...
-Kevin Reiter