weird problem with ipfw and ftp
Ed Stover
estover at nativenerds.com
Tue Apr 12 00:51:50 PDT 2005
On Tue, 2005-04-12 at 09:05 +0200, Clement Twine wrote:
> Hi FreeBSD users,
>
> I have a problem with users accessing my ftp service from the
> internet. Everything was working well until I changed from
> Linux/shorewall to FreeBSD/ipfw as my firewall.
>
> My setup is briefly as follows:
>
> FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
>
> The linux rules were just two (and were working):
>
> allow tcp from any to 10.0.0.1 21
> allow tcp from 10.0.0.1 21 to any
>
> I have the following in ipfw but they have refused to work!
>
> ipfw add 00010 allow tcp from any to 10.0.0.1 21
> ipfw add 00011 allow tcp from 10.0.0.1 21 to any
>
>
> The problem is that an ftp session is established, but when the
> session enters passive mode, the ftp session hangs. Are there any
> other ports that need to be opened? Has anyone had such a problem
> before? I can see in the logs that unprivileged ports are
> responding from the ftp server to the requestor - but have tried
> all combinations of rules to no avail!
>
> Please help!
>
> Regards,
>
> Clem.
>
>
I usually do port forwarding from my natd.cf on my open type firewalls
and it works fine.

#/etc/natd.cf
log yes
deny_incoming no
use_sockets yes
same_ports yes
verbose no
port 8668
interface xl1
unregistered_only no
redirect_port tcp 10.1.1.1:20 20
redirect_port udp 10.1.1.1:20 20
redirect_port tcp 10.1.1.1:21 21
redirect_port udp 10.1.1.1:21 21
#EOF
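
Added example, not part of either poster's message: a simplified first-match model (not ipfw itself) of the two rules from the question, run against the four packet directions of one passive-mode FTP session, to show that the control channel on port 21 matches while the data connection announced in the 227 reply does not. The client address, the ephemeral ports, the 227 reply, the pinned passive range 50000-50100 and rules 12 and 13 are constructed assumptions.

```python
import re

FTP_SERVER = "10.0.0.1"          # from the question
CLIENT = "192.0.2.10"            # constructed client address
# Constructed server reply; a real server picks the last two numbers per session.
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,0,1,195,149)"

# (rule number, src ip, src port, dst ip, dst port); None means "any".
QUESTION_RULES = [
    (10, None, None, FTP_SERVER, 21),
    (11, FTP_SERVER, 21, None, None),
]
# Assumption: the FTP daemon is configured to use only ports 50000-50100
# for passive data connections, and rules 12 and 13 are added for that range.
PASSIVE_RANGE = range(50000, 50101)
PINNED_RULES = QUESTION_RULES + [
    (12, None, None, FTP_SERVER, PASSIVE_RANGE),
    (13, FTP_SERVER, PASSIVE_RANGE, None, None),
]

def pasv_port(reply):
    """Data port announced in a 227 reply: (h1,h2,h3,h4,p1,p2) -> p1*256+p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    return int(m.group(5)) * 256 + int(m.group(6))

def field_ok(want, got):
    """True when a rule field is 'any', equals the value, or contains the port."""
    if want is None:
        return True
    return got in want if isinstance(want, range) else got == want

def first_match(rules, packet):
    """Number of the first rule matching (sip, sport, dip, dport), else None."""
    for num, *fields in rules:
        if all(field_ok(w, g) for w, g in zip(fields, packet)):
            return num
    return None

def session_packets(reply):
    """The four packet directions of one passive-mode session."""
    port = pasv_port(reply)
    return {
        "control in": (CLIENT, 40000, FTP_SERVER, 21),
        "control out": (FTP_SERVER, 21, CLIENT, 40000),
        "data in": (CLIENT, 40001, FTP_SERVER, port),
        "data out": (FTP_SERVER, port, CLIENT, 40001),
    }

if __name__ == "__main__":
    for name, pkt in session_packets(SAMPLE_REPLY).items():
        print(name, first_match(QUESTION_RULES, pkt), first_match(PINNED_RULES, pkt))
```

A result of None means the packet fell past these rules to whatever comes later in the ruleset. The model does not cover address translation, so the private address carried inside the 227 reply is left as the server sent it.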