Inconsistency Running IPF Against FTPs
Robert H. Perry
rperry at gti.net
Wed Nov 16 04:27:56 GMT 2005
Kevin Kinsey wrote:
> Robert H. Perry wrote:
>
>> I'm running FreeBSD RELEASE 5.4 and recently installed IPF Firewall. I
>> rarely download files using FTP but have little choice using
>> portupgrade. Now, during an upgrade, I often see the error message,
>> "No route to host..." while connecting with an FTP site. If I disable
>> the IPF/IPNAT rules the problem no longer exists.
>>
>> I've followed installation instructions in the Handbook paying particular
>> attention to the section on IPNAT rules. (I do not claim to entirely
>> understand what I read however.) My immediate question however is how
>> current are the instructions? There is a caveat immediately following
>> the IPF Firewall Section title: "This section is work in progress. The
>> contents might not be accurate at all times." If it is accurate and
>> should resolve my FTP problems, I'll simply re-read it until I get it
>> right.
>>
>> Any other hints are also appreciated.
>>
>
> This would probably fall under your "other hints" category.
>
> Your firewall should be allowing extant connections to continue --- IOW,
> showing stateful behavior. Some FTP data connections use high-numbered
> ports, and it sounds as if these are being blocked by your firewall. YMMV.
>
> Note that setting FTP_PASSIVE_MODE in your environment might be
> worth a shot.
>
> I am sorry that I'm not an IPF user and can't give more detailed help.
> Good luck with your issue.

Thanks for your suggestions. Do all other firewalls share the same, or
similar problems, with FTP data connections?

Bob Perry
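
Added example, not part of the original thread: the high-numbered data ports mentioned above are negotiated on the FTP control channel, and this Python sketch parses those negotiation lines the way a firewall's FTP helper must in order to know which extra connection to allow. The sample lines are constructed (documentation addresses), and the function names are hypothetical.

```python
import re

# Constructed control-channel lines, not captured traffic.
SAMPLE_LINES = [
    "PORT 192,0,2,10,195,80",                           # active mode, sent by client
    "227 Entering Passive Mode (198,51,100,7,234,96)",  # passive mode, server reply
    "229 Entering Extended Passive Mode (|||50123|)",   # EPSV reply (RFC 2428)
    "230 Login successful.",                            # negotiates nothing
]

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")  # assumes the usual '|' delimiter

def data_endpoint(line):
    """Return (mode, who_opens, host, port) for a line that negotiates a data
    connection, or None for any other control-channel line."""
    line = line.strip()
    verb = line.split(" ", 1)[0].upper()
    if verb == "229":
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) <= 65535:
            # EPSV carries only a port; the host is the control-channel peer.
            return ("passive", "client", None, int(m.group(1)))
        return None
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: ignore rather than guess
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port travels as two bytes: p1*256 + p2
    if verb == "PORT":
        # Active mode: the server opens a NEW inbound connection to the client.
        return ("active", "server", host, port)
    # Passive mode: the client opens a NEW outbound connection to the server.
    return ("passive", "client", host, port)

def summarize(lines):
    """Keep only the lines that announce a data connection."""
    return [r for r in (data_endpoint(l) for l in lines) if r is not None]

if __name__ == "__main__":
    for mode, opener, host, port in summarize(SAMPLE_LINES):
        print(f"{mode:8} opened by {opener} to {host or 'control peer'}:{port}")
```

In both modes the data connection is a separate TCP session on a port chosen at run time, so a rule set that only tracks state for port 21 has no matching entry for it unless it also allows the negotiated port or uses an FTP-aware proxy.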