weird problem with ipfw and ftp

Robert Slade bsd at bathnetworks.com
Tue Apr 12 00:38:55 PDT 2005


On Tue, 2005-04-12 at 08:05, Clement Twine wrote:
> Hi FreeBSD users,
> 
> I have a problem with users accessing my FTP service from the
> internet. Everything was working well until I changed from
> Linux/shorewall to FreeBSD/ipfw as my firewall.
> 
> my setup is briefly as follows:
> 
> FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
> 
> The linux rules were just two (and were working):
> 
> 	allow tcp from any to 10.0.0.1 21
> 	allow tcp from 10.0.0.1 21 to any
> 
> I have the following in ipfw but they have refused to work!
> 
> 	ipfw add 00010 allow tcp from any to 10.0.0.1 21
> 	ipfw add 00011 allow tcp from 10.0.0.1 21 to any
> 
> 
> The problem is that an ftp session is established, but when the
> session enters passive mode, the ftp session hangs. Are there any
> other ports that need to be opened? Has anyone had such a problem
> before? I can see in the logs that unprivileged ports are
> responding from the ftp server to the requestor - but have tried
> all combinations of rules to no avail!
> 
> Please help!
> 
> Regards,
> 
> Clem.

You need to use port 20 too. Additionally, passive ftp uses high number
ports to actually transfer the data. I am not sure how to do this with
IPFW, but there are a number of tutorials about this; try Google.

Rob
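
An added illustration (not part of either message) of why the session hangs at PASV: it parses a constructed 227 reply and runs the control and data connections through a simplified first-match model of the two rules from the question. The default-deny final rule, the passive port range 49152-65535, the extra rules 12 and 13, and the client address are assumptions made for the example.

```python
import re

# Constructed sample: a PASV reply as the server at 10.0.0.1 might send it.
PASV_REPLY = "227 Entering Passive Mode (10,0,0,1,195,80)"
ANY = None
# The two rules from the question: (number, action, src, sport, dst, dport).
ORIGINAL = [
    (10, "allow", ANY, ANY, "10.0.0.1", (21, 21)),
    (11, "allow", "10.0.0.1", (21, 21), ANY, ANY),
]
# Assumption: the server hands out passive ports from this range only.
PASSIVE_RANGE = (49152, 65535)
FIXED = ORIGINAL + [
    (12, "allow", ANY, ANY, "10.0.0.1", PASSIVE_RANGE),
    (13, "allow", "10.0.0.1", PASSIVE_RANGE, ANY, ANY),
]

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; port = p1*256 + p2 (RFC 959)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m or not reply.startswith("227"):
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def _match(addr, port, want_addr, want_ports):
    return ((want_addr is ANY or addr == want_addr) and
            (want_ports is ANY or want_ports[0] <= port <= want_ports[1]))

def evaluate(rules, src, sport, dst, dport):
    """First matching rule wins; assumed final rule 65535 denies the rest."""
    for num, action, s, sp, d, dp in rules:
        if _match(src, sport, s, sp) and _match(dst, dport, d, dp):
            return num, action
    return 65535, "deny"

def trace(rules, client="203.0.113.5"):
    """Verdict for each direction of the control and passive data flows."""
    ip, port = parse_pasv(PASV_REPLY)
    return {
        "control in": evaluate(rules, client, 40000, ip, 21),
        "control out": evaluate(rules, ip, 21, client, 40000),
        "data in": evaluate(rules, client, 40001, ip, port),
        "data out": evaluate(rules, ip, port, client, 40001),
    }
```

With `ORIGINAL`, both control directions match rules 10 and 11 while both data directions fall through to the deny rule, which is the hang described in the question; with `FIXED`, the data connection matches rules 12 and 13.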
 