Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 24 Nov 2000 03:09:31 -0500
From:      "Simon" <simon@optinet.com>
To:        "Colin Campbell" <sgcccdc@citec.qld.gov.au>, "Ryan Thompson" <ryan@sasknow.com>
Cc:        "freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org>
Subject:   Re: proftpd passive weirdness through firewall
Message-ID:  <20001124080520.2949C37B479@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.21.0011240145110.48604-100000@ren.sasknow.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

ProFTPD still has a passive mode bug. As soon as I saw passive mode + proftpd, i stopped reading your email ;-)

-Simon

On Fri, 24 Nov 2000 01:52:36 -0600 (CST), Ryan Thompson wrote:

>Colin Campbell wrote to Ryan Thompson:
>
>> Hi,
>> 
>> I looked but couldn't see. Where are the rules that allow:
>> 
>> outgoing from your ip, port > 1023 to any ip, port > 1023
>> 
>> for passive to work?
>> 
>> Colin
>
>If you remember my last message, outgoing connections are explicitly
>allowed.
>
>I just disabled proftpd and brought wu-ftpd back into production (proftpd
>was just moved to production a few months ago on probation).  The same
>problem occurs with wu-ftpd.  Again, if I disable the firewall rules, it
>works.  Perhaps it wasn't proftpd at all, but my firewall config.  (Easy
>to explain, since changes occurred to both at around the same time, and
>users are notoriously slow at reporting problems anyway).
>
>If I add the following as a low-numbered rule as a thought experiment:
>
>	allow tcp from any to ${ftp} 1023-65535
>
>... it works.  However, that rule is rather a violation of a nicely
>secured firewall config :-)
>
>
>- Ryan
>
>-- 
>  Ryan Thompson <ryan@sasknow.com>
>  Network Administrator, Accounts
>  Phone: +1 (306) 664-1161
>
>  SaskNow Technologies     http://www.sasknow.com
>  #106-380 3120 8th St E   Saskatoon, SK  S7H 0W2
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
>





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001124080520.2949C37B479>