Date: Wed, 12 Apr 2000 04:54:41 +0300
From: Giorgos Keramidas
To: Scott Graves
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD and IPFW
Reply-To: keramida@ceid.upatras.gr

On Tue, Apr 11, 2000 at 07:13:39PM -0500, Scott Graves wrote:
>
> I am able to connect to FTP sites, but not dn/up or list files without
> receiving this error. This is what I have in rc.firewall which should
> allow for FTP access:
>
> # Allow FTP connections
> ${fwcmd} add pass tcp from any to any 21 setup
> ${fwcmd} add pass tcp from any to any 20 setup

I think you have the second rule's port numbers reversed. Try changing
this to:

    # Allow FTP connections
    ${fwcmd} add pass tcp from any to any 21 setup
    ${fwcmd} add pass tcp from any 20 to any setup

Unless I got the whole FTP thing wrong, when you ftp to some server's
port 21, the server will use *his* port 20 to connect back to a random
port of yours.

Ciao,
Giorgos Keramidas.
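
The port-direction point in the reply above, as an added example (not part of the original message and not FreeBSD's own code): a small Python model of the two `pass tcp ... setup` rules, evaluated against constructed active-mode FTP packets. The `Packet` and `Rule` classes and the client ports 49152/49153 are assumptions for illustration; only source port, destination port and the SYN/ACK flags are modelled, not the rest of the ruleset.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int
    syn: bool
    ack: bool


@dataclass(frozen=True)
class Rule:
    """Model of `pass tcp from any [src_port] to any [dst_port] setup`."""
    src_port: Optional[int]  # None means no port given on the "from" side
    dst_port: Optional[int]  # None means no port given on the "to" side

    def matches(self, pkt: Packet) -> bool:
        # ipfw's `setup` matches TCP packets with SYN set and ACK clear.
        if not pkt.syn or pkt.ack:
            return False
        if self.src_port is not None and pkt.src_port != self.src_port:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def passes(rules, pkt: Packet) -> bool:
    """True if any of the modelled pass rules matches the packet."""
    return any(rule.matches(pkt) for rule in rules)


# Rules as posted in the question, and as corrected in the reply.
ORIGINAL = [Rule(None, 21), Rule(None, 20)]
CORRECTED = [Rule(None, 21), Rule(20, None)]

# Constructed packets for one active-mode FTP session.
CONTROL_SYN = Packet(src_port=49152, dst_port=21, syn=True, ack=False)  # client -> server:21
DATA_SYN = Packet(src_port=20, dst_port=49153, syn=True, ack=False)     # server:20 -> client
# Constructed: a setup packet that has source port 20 but is not FTP data.
OTHER_SYN = Packet(src_port=20, dst_port=22, syn=True, ack=False)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name,
              "control:", passes(rules, CONTROL_SYN),
              "data:", passes(rules, DATA_SYN),
              "src-port-20 to port 22:", passes(rules, OTHER_SYN))
```

The corrected rule matches on source port alone, so in this model it also passes the constructed setup packet to port 22; the sender chooses the source port, which is why the rule is broader than the FTP data connection it is meant for.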