Inconsistency Running IPF Against FTPs
Kevin Kinsey
kdk at daleco.biz
Tue Nov 15 11:48:28 GMT 2005
Robert H. Perry wrote:
> I'm running FreeBSD RELEASE 5.4 and recently installed IPF Firewall.
> I rarely download files using FTP but have little choice using
> portupgrade.
> Now, during an upgrade, I often see the error message, "No route to
> host..." while connecting with an FTP site. If I disable the IPF/IPNAT
> rules the problem no longer exists.
>
> I've followed installation instructions in the Handbook paying particular
> attention to the section on IPNAT rules. (I do not claim to entirely
> understand what I read however.) My immediate question however is how
> current are the instructions? There is a caveat immediately following the
> IPF Firewall Section title: "This section is work in progress. The contents
> might not be accurate at all times." If it is accurate and should resolve
> my FTP problems, I'll simply re-read it until I get it right.
>
> Any other hints are also appreciated.
>
This would probably fall under your "other hints" category.

Your firewall should be allowing extant connections to continue --- IOW,
showing stateful behavior. Some FTP data connections use high-numbered
ports, and it sounds as if these are being blocked by your firewall. YMMV.

Note that setting FTP_PASSIVE_MODE in your environment might be
worth a shot.

I am sorry that I'm not an IPF user and can't give more detailed help.
Good luck with your issue.

Kevin Kinsey
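
The stateful behavior and high-numbered data ports discussed in this reply, written as an IPF ruleset fragment. This is an added example, not part of the original message or either poster's configuration; the interface name `dc0` is an assumption, and the rules cover only a host that runs the FTP client itself.

```conf
# /etc/ipf.rules fragment (added illustration, not from the thread).
# "dc0" is an assumed name for the outside interface; substitute the real one.

# Stateless form, shown commented out for comparison: the SYN to port 21
# leaves, but no rule admits the replies or the separate data connection.
#   pass out quick on dc0 proto tcp from any to any port = 21
#   block in quick on dc0 all

# Stateful form for a passive-mode client (FTP_PASSIVE_MODE set).
# Control channel: "keep state" admits the return traffic of this connection.
pass out quick on dc0 proto tcp from any to any port = 21 flags S keep state

# Passive data channel: the client opens a second outbound connection
# to a high-numbered port chosen by the server.
pass out quick on dc0 proto tcp from any to any port > 1024 flags S keep state

# Active mode instead has the server connect back from port 20 to a
# high-numbered port on the client; it needs an inbound rule such as:
#   pass in quick on dc0 proto tcp from any port = 20 to any port > 1024 flags S keep state

# Everything not matched above is dropped and logged.
block in log quick on dc0 all
block out log quick on dc0 all
```

With passive mode, every FTP connection is initiated by the client, so the ruleset needs no inbound `pass` rule; the logged `block` lines show which packets are still being dropped if a transfer fails.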
More information about the freebsd-questions mailing list