FTP server will not initiate DATA connection back to client
Bill Moran
wmoran at potentialtech.com
Thu Jul 1 06:54:11 PDT 2004
User LAFFER1 <laffer1 at adsl-68-76-19-75.dsl.klmzmi.ameritech.net> wrote:
> Does it work with ipfw disabled? If so, then it seems reasonable that ipfw
> is causing the problem. One of the ftp modes (pasv or port) requires high
> level ports to be accessible on the server. I just started drinking
> coffee this morning, so I can't remember which one yet. :)
Drink faster man! ;)
Do these tests:
1) FTP active mode with firewall enabled
2) FTP active mode with firewall at allow all
3) FTP passive mode with firewall enabled
If 2 & 3 succeed and 1 doesn't ... then it's your firewall. Other
combinations indicate other problems which may be more complex.
FTP active mode requires that the server can make a connection _back_ to
the client. This fails over NAT boundaries and many different firewall
configs. Passive mode causes the client to make a _second_ connection to
the server on a high, random port. This traverses NAT pretty well, but
requires proper rules in the server's packet filter to allow the connections
to succeed. I believe the man page on ftpd has more detail. The "random,
high" ports that can be used are configurable. I believe these two sysctls
control it:
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
> If I remember right, the default ftpd is influenced by hosts.allow and
> hosts.deny too.
>
> On Thu, 1 Jul 2004 freebsd at stateautomation.com wrote:
>
> >
> > I am running FreeBSD 4.9 RELEASE running the standard ftpd. I can act as an
> > ftp client from the console OK, however when I try to ftp from a client PC
> > to the server running ftpd (which is running ipfw) the ftp server receives
> > the packet sent to port 21 and replies however it will not initiate a DATA
> > connection back to the client from port 20. I had my client configured to
> > use ACTIVE FTP. I have also tried PASSIVE without any difference. I do not
> > have a firewall on the client and can successfully FTP to another FreeBSD
> > box.
> > None of the rules on my firewall that deny packets coming back from the ftp
> > server's ipfw firewall are being hit. Does anyone have any ideas?
> > Regards, J.S
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> >
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
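
Added example, not part of the original message: the Python below decodes the address/port tuple carried in a PORT command (active mode) or a 227 reply (passive mode), reports which side opens the data connection, checks a passive port against the hifirst/hilast range quoted above, and encodes the three-test interpretation. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Range quoted in the post (net.inet.ip.portrange.hifirst / hilast).
HIFIRST, HILAST = 49152, 65535

_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Decode h1,h2,h3,h4,p1,p2 from a PORT command or a 227 reply (RFC 959)."""
    m = _SIX.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line):
    """Describe the data connection that a control-channel line sets up."""
    verb = line.split(None, 1)[0].upper()
    host, port = parse_endpoint(line)
    if verb == "PORT":      # active: server connects back from port 20
        return {"mode": "active", "initiator": "server", "dst": (host, port),
                "server_filter_must_allow":
                    "outbound tcp from port 20 to %s:%d" % (host, port)}
    if verb == "227":       # passive: client opens a second connection
        return {"mode": "passive", "initiator": "client", "dst": (host, port),
                "in_hi_range": HIFIRST <= port <= HILAST,
                "server_filter_must_allow": "inbound tcp to port %d" % port}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def diagnose(active_fw_on, active_fw_open, passive_fw_on):
    """Interpret the three tests from the post (True = transfer worked)."""
    if active_fw_open and passive_fw_on and not active_fw_on:
        return "firewall"
    return "other"

# Constructed control-channel lines (documentation addresses, not from the thread).
SAMPLE_ACTIVE = "PORT 192,0,2,10,4,1"
SAMPLE_PASSIVE = "227 Entering Passive Mode (198,51,100,5,195,80)"

if __name__ == "__main__":
    for line in (SAMPLE_ACTIVE, SAMPLE_PASSIVE):
        print(line, "->", data_connection(line))
```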