Date: Fri, 24 Nov 2000 01:52:36 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Colin Campbell <sgcccdc@citec.qld.gov.au>
Cc: freebsd-isp@freebsd.org
Subject: Re: proftpd passive weirdness through firewall
Message-ID: <Pine.BSF.4.21.0011240145110.48604-100000@ren.sasknow.com>
In-Reply-To: <Pine.BSF.4.21.0011241654050.78889-100000@guru.citec.qld.gov.au>

Colin Campbell wrote to Ryan Thompson:
> Hi,
>
> I looked but couldn't see. Where are the rules that allow:
>
> outgoing from your ip, port > 1023 to any ip, port > 1023
>
> for passive to work?
>
> Colin

If you remember my last message, outgoing connections are explicitly
allowed.

I just disabled proftpd and brought wu-ftpd back into production (proftpd
was just moved to production a few months ago on probation). The same
problem occurs with wu-ftpd. Again, if I disable the firewall rules, it
works. Perhaps it wasn't proftpd at all, but my firewall config. (Easy
to explain, since changes occurred to both at around the same time, and
users are notoriously slow at reporting problems anyway).

If I add the following as a low-numbered rule as a thought experiment:

    allow tcp from any to ${ftp} 1023-65535

... it works. However, that rule is rather a violation of a nicely
secured firewall config :-)

- Ryan

--
Ryan Thompson <ryan@sasknow.com>
Network Administrator, Accounts
Phone: +1 (306) 664-1161
SaskNow Technologies http://www.sasknow.com
#106-380 3120 8th St E Saskatoon, SK S7H 0W2
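
Added example, not part of the original message or of any project's code: a small first-match model of inbound TCP filtering that shows why a passive data connection to ${ftp} is dropped by a restrictive ruleset, what the 1023-65535 rule opens up, and how a bounded passive range narrows it. The base rules, the address, the rule numbers and the 49152-49407 range are constructed assumptions, and the narrow rule only helps if the FTP daemon is configured to hand out passive ports from that range (ProFTPD's PassivePorts directive does this).

```python
# Added example: first-match model of inbound TCP filtering, ipfw style.
# Addresses, rule numbers and the 49152-49407 range are constructed.
from dataclasses import dataclass

FTP = "192.0.2.10"  # stands in for ${ftp} in the message

@dataclass
class Rule:
    num: int
    action: str                # "allow" or "deny"
    dst: str                   # destination address, or "any"
    ports: tuple               # inclusive (low, high) destination ports
    setup: bool = False        # match only connection-opening SYNs
    established: bool = False  # match only packets of open connections

def decide(rules, dst, dport, syn):
    """Return (action, rule number) of the first rule matching an inbound packet."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.dst not in ("any", dst):
            continue
        if not r.ports[0] <= dport <= r.ports[1]:
            continue
        if (r.setup and not syn) or (r.established and syn):
            continue
        return r.action, r.num
    return "deny", 65535  # nothing matched: treat as default deny

# Assumed restrictive base: established traffic, FTP control port, deny rest.
BASE = [
    Rule(1000, "allow", "any", (0, 65535), established=True),
    Rule(2000, "allow", FTP, (21, 21), setup=True),
    Rule(65000, "deny", "any", (0, 65535)),
]
# The thought-experiment rule from the message, placed low in the list.
BROAD = Rule(500, "allow", FTP, (1023, 65535))
# Narrower variant: only new connections to a bounded passive range.
NARROW = Rule(500, "allow", FTP, (49152, 49407), setup=True)

if __name__ == "__main__":
    # 21 = control, 49200 = passive data, 3306 = unrelated listener (constructed)
    for name, rules in (("base", BASE), ("broad", BASE + [BROAD]),
                        ("narrow", BASE + [NARROW])):
        for port in (21, 49200, 3306):
            print(name, port, decide(rules, FTP, port, syn=True))
```

With the broad rule, a new connection to any high port on the server is accepted, including listeners unrelated to FTP; with the bounded rule only the passive range is reachable.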
