ipfw and ftpd

Paul Procacci pprocacci at gmail.com
Fri Sep 3 17:13:47 UTC 2021

Try a different ftp mode.


This page describes it pretty well.  In short, there could be more than one
connection being initiated from the client.
Ensure the ftp client is set to use the one you prefer.


On Fri, Sep 3, 2021 at 1:05 PM Christoph Harder <shadowomf at arcor.de> wrote:

> Hello everybody,
> I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw.
> Currently I'm trying to get ftpd working for the local network, but when
> ipfw is enabled it's not working.
> It works without any problems when ipfw is not running. The client is a
> FileZilla Client on a Windows machine in localnetwork0.
> My ipfw.rules file looks like below. I've removed the pass rules for other
> services, but I didn't delete any of the deny rules.
> /etc/ipfw.rules
> #!/bin/sh
> # ipfw command
> ii="/sbin/ipfw -q"
> # flush old
> ${ii} -f flush
> #${ii} pipe flush
> #${ii} queue flush
> #${ii} table all flush
> # local trusted networks
> localnet0=""
> # loopback adapter
> ${ii} add pass all from any to any via lo0
> ${ii} add deny log all from any to
> ${ii} add deny log ip from to any
> ${ii} add deny log all from any to ::1
> ${ii} add deny log all from ::1 to any
> # allow if matching entry in dynamic rule table
> ${ii} add check-state log
> # allow local ftp traffic
> ${ii} add pass log tcp from ${localnet0} to me 21 in setup keep-state
> ${ii} add pass log tcp from me to ${localnet0} 20 out setup keep-state
> ${ii} add pass log tcp from ${localnet0} to me 49152-65535 in setup keep-state
> # deny and log everything else, this should always be the last rule
> ${ii} add deny log all from any to any
> Strangely /var/log/security is only showing accept for the ftp connections
> and no deny entries, still it's not working.
> Did I mess anything up? Maybe the in/out/setup/check-state or keep-state
> parts?
> Best regards,
> Christoph


:(){ :|:& };:
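
Added example, not part of the original thread: a simplified Python model (not real ipfw) of how the connection-opening SYN packets of the FTP control connection and of passive-mode and active-mode data connections meet the three "setup" rules quoted above. The names LOCALNET and ME, the sample port numbers and the ACTIVE_OK variant are assumptions made for the illustration.

```python
# Simplified first-match model of the quoted "setup ... keep-state" rules.
# Only the initial SYN of each connection is modelled, because keep-state
# lets the rest of an accepted connection through via check-state.
from collections import namedtuple

LOCALNET, ME = "localnet0", "me"   # stand-ins for the elided addresses

Syn = namedtuple("Syn", "direction src sport dst dport")
# sports/dports: a range of ports, or None for "any"
Rule = namedtuple("Rule", "action direction src sports dst dports")

# ipfw syntax is "from SRC [ports] to DST [ports]": a port written after the
# destination address is a destination port.
RULES = [
    Rule("pass", "in", LOCALNET, None, ME, range(21, 22)),         # to me 21
    Rule("pass", "out", ME, None, LOCALNET, range(20, 21)),        # to net 20
    Rule("pass", "in", LOCALNET, None, ME, range(49152, 65536)),   # passive
    Rule("deny", None, None, None, None, None),                    # last rule
]

# Assumed variant: port 20 as the *source* port ("from me 20 to ${localnet0}").
ACTIVE_OK = RULES[:1] + [Rule("pass", "out", ME, range(20, 21), LOCALNET, None)] + RULES[2:]

def verdict(p, rules=RULES):
    """Return the action of the first rule that matches the SYN packet p."""
    for r in rules:
        if (r.direction in (None, p.direction)
                and r.src in (None, p.src) and r.dst in (None, p.dst)
                and (r.sports is None or p.sport in r.sports)
                and (r.dports is None or p.dport in r.dports)):
            return r.action
    return "deny"

# Constructed sample flows; the ephemeral port numbers are arbitrary.
CONTROL = Syn("in", LOCALNET, 50000, ME, 21)          # client -> server:21
PASSIVE_DATA = Syn("in", LOCALNET, 50001, ME, 51000)  # client opens data too
ACTIVE_DATA = Syn("out", ME, 20, LOCALNET, 50002)     # server opens data from 20

def check_modes(rules=RULES):
    """Verdict for each connection type under the given rule list."""
    return {"control": verdict(CONTROL, rules),
            "passive_data": verdict(PASSIVE_DATA, rules),
            "active_data": verdict(ACTIVE_DATA, rules)}

if __name__ == "__main__":
    print(check_modes())
    print(check_modes(ACTIVE_OK))
```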
