weird problem with ipfw and ftp
clem.twain at gmail.com
Tue Apr 12 01:01:30 PDT 2005
>>I have a problem with users accessing my ftp service from the
>>internet. everything was working well until i changed from
>>Linux/shorewall to freebsd/ipfw as my firewall.
>>my setup is briefly as follows:
>>FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
>>The linux rules were just two (and were working):
>> allow tcp from any to 10.0.0.1 21
>> allow tcp from 10.0.0.1 21 to any
>>I have the following in ipfw but they have refused to work!
>> ipfw add 00010 allow tcp from any to 10.0.0.1 21
>> ipfw add 00011 allow tcp from 10.0.0.1 21 to any
>>The problem is that an ftp session is established, but when the
>>session enters passive mode, the ftp session hangs. Are there any
>>other ports that need to be opened? Has anyone had such a problem
>>before? I can see in the logs that unprivileged ports are
>>responding from the ftp server to the requestor - but I have tried
>>all combinations of rules to no avail!
> You need to use port 20 too. Additionally, passive ftp uses high number
> ports to actually transfer the data. I am not sure how to do this with
> IPFW, but there are a number of tutorials about this; try Google.
I have failed to get anything from Google - it seems everyone has
tried a series of combinations!
Anyway, here are my rules:
ipfw add 00115 pass log tcp from any 1024-65535 to 10.0.0.1
ipfw add 00116 pass log tcp from any to 10.0.0.1 21 in recv sis1
ipfw add 00117 pass log tcp from any to 10.0.0.1 20 in recv sis1
but this hasn't helped much. I have been trying for days! Does
anyone have rules that are working - you can give 'em to me - or
advise where the above rules need tweaking.
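The reason a passive transfer hangs behind a stateless, direction-specific ruleset is easiest to see by replaying the exchange against the rules. The Python below is an added illustration, not code from the thread or from FreeBSD: it parses the server's 227 PASV reply to recover the announced data port, then runs the client's connection to that port and the server's reply through a simplified first-match model of the three rules quoted above (interface qualifiers dropped, default policy assumed to be deny). The client address, the 227 reply and the pinned passive range 49152-65535 are constructed for the example. The model shows that the inbound half of the data connection is passed by rule 00115 while the server's reply from the high port has no matching rule, and that adding the reverse-direction rule for the passive range (or, in real ipfw, using `keep-state` on the inbound rule together with `check-state`) lets the transfer complete.

```python
import re
from dataclasses import dataclass
from typing import Optional

# 227 reply format: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"; port = p1*256 + p2
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply: str) -> tuple[str, int]:
    """Return (address, port) of the data connection announced by a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV field out of range")
    addr = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("PASV announced port 0")
    return addr, port


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" (towards the FTP server) or "out"


@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "deny"
    src: str  # host address or "any"
    sports: range
    dst: str
    dports: range
    direction: Optional[str] = None  # None = matches either direction


ANY_PORT = range(0, 65536)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        (rule.src == "any" or rule.src == pkt.src)
        and pkt.sport in rule.sports
        and (rule.dst == "any" or rule.dst == pkt.dst)
        and pkt.dport in rule.dports
        and (rule.direction is None or rule.direction == pkt.direction)
    )


def verdict(rules: list[Rule], pkt: Packet) -> str:
    """First matching rule wins; an unmatched packet hits the assumed default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


SERVER = "10.0.0.1"
CLIENT = "203.0.113.5"  # constructed client address (documentation range)

# Stateless model of the three rules quoted in the post (00115-00117); the
# "in recv sis1" qualifiers are reduced to direction "in".
POSTED_RULES = [
    Rule("pass", "any", range(1024, 65536), SERVER, ANY_PORT),  # 00115
    Rule("pass", "any", ANY_PORT, SERVER, range(21, 22), "in"),  # 00116
    Rule("pass", "any", ANY_PORT, SERVER, range(20, 21), "in"),  # 00117
]

# Constructed passive range assumed to be pinned on the server; the reverse
# direction for that range is the rule the posted set lacks.
PASSIVE_PORTS = range(49152, 65536)
FIXED_RULES = POSTED_RULES + [
    Rule("pass", SERVER, PASSIVE_PORTS, "any", range(1024, 65536), "out"),
]


def simulate_passive(rules: list[Rule], pasv_reply: str, client_port: int = 40000) -> tuple[str, str]:
    """Verdicts for the client's SYN to the announced port and the server's SYN-ACK back."""
    addr, port = parse_pasv(pasv_reply)
    syn = Packet(CLIENT, client_port, addr, port, "in")
    syn_ack = Packet(addr, port, CLIENT, client_port, "out")
    return verdict(rules, syn), verdict(rules, syn_ack)


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (10,0,0,1,195,80)"  # constructed; announces port 50000
    print("posted rules:", simulate_passive(POSTED_RULES, reply))  # ('pass', 'deny')
    print("fixed rules: ", simulate_passive(FIXED_RULES, reply))  # ('pass', 'pass')
```

The model is deliberately stateless so the missing return leg is visible; on a real ipfw host the cleaner fix is a stateful pair (`check-state` before the FTP rules and `keep-state` on the rule that admits the passive range), which admits only the replies of connections the firewall has already seen.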