From owner-freebsd-isp Fri Nov 24 0: 5:23 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130])
    by hub.freebsd.org (Postfix) with SMTP id 2949C37B479
    for ; Fri, 24 Nov 2000 00:05:20 -0800 (PST)
Received: (qmail 56262 invoked by uid 106); 24 Nov 2000 08:08:57 -0000
Received: from adsl-151-202-94-118.nyc.adsl.bellatlantic.net (HELO sharky) (151.202.94.118)
    by anaconda.acceleratedweb.net with SMTP; 24 Nov 2000 08:08:57 -0000
From: "Simon"
To: "Colin Campbell" , "Ryan Thompson"
Cc: "freebsd-isp@freebsd.org"
Date: Fri, 24 Nov 2000 03:09:31 -0500
Reply-To: "Simon"
X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195)
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: proftpd passive weirdness through firewall
Message-Id: <20001124080520.2949C37B479@hub.freebsd.org>
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

ProFTPD still has a passive mode bug. As soon as I saw passive mode + proftpd,
I stopped reading your email ;-)

-Simon

On Fri, 24 Nov 2000 01:52:36 -0600 (CST), Ryan Thompson wrote:

>Colin Campbell wrote to Ryan Thompson:
>
>> Hi,
>>
>> I looked but couldn't see. Where are the rules that allow:
>>
>>   outgoing from your ip, port > 1023 to any ip, port > 1023
>>
>> for passive to work?
>>
>> Colin
>
>If you remember my last message, outgoing connections are explicitly
>allowed.
>
>I just disabled proftpd and brought wu-ftpd back into production (proftpd
>was just moved to production a few months ago on probation). The same
>problem occurs with wu-ftpd. Again, if I disable the firewall rules, it
>works. Perhaps it wasn't proftpd at all, but my firewall config. (Easy
>to explain, since changes occurred to both at around the same time, and
>users are notoriously slow at reporting problems anyway).
>
>If I add the following as a low-numbered rule as a thought experiment:
>
>  allow tcp from any to ${ftp} 1023-65535
>
>... it works. However, that rule is rather a violation of a nicely
>secured firewall config :-)
>
>
>- Ryan
>
>--
>  Ryan Thompson
>  Network Administrator, Accounts
>  Phone: +1 (306) 664-1161
>
>  SaskNow Technologies     http://www.sasknow.com
>  #106-380 3120 8th St E   Saskatoon, SK S7H 0W2
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
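
The trade-off discussed in this thread, as an added example that is not part of the original messages: Python that decodes a server's `227` PASV replies (RFC 959 format) and reports which advertised data ports a given inbound rule range would block. The sample replies, the address 192.0.2.10 and the narrowed range 49152-65535 are constructed assumptions.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)"; data port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def blocked_data_ports(replies, allowed):
    """List (host, port) pairs whose data port falls outside the inclusive
    (low, high) port range that the firewall admits inbound to the FTP server."""
    low, high = allowed
    blocked = []
    for reply in replies:
        host, port = parse_pasv(reply)
        if not low <= port <= high:
            blocked.append((host, port))
    return blocked


# Constructed sample replies; 192.0.2.10 is a documentation address.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # port 50000
    "227 Entering Passive Mode (192,0,2,10,4,1)",      # port 1025
    "227 Entering Passive Mode (192,0,2,10,234,96)",   # port 60000
]

WIDE_RULE = (1023, 65535)     # the range in the rule quoted in the thread
NARROW_RULE = (49152, 65535)  # hypothetical tighter range (assumption)

if __name__ == "__main__":
    for name, rng in (("wide", WIDE_RULE), ("narrow", NARROW_RULE)):
        print(name, rng, "blocked:", blocked_data_ports(SAMPLE_REPLIES, rng))
```

Against the 1023-65535 rule nothing is blocked; against the narrowed range the reply advertising port 1025 is, so a tighter rule only works once the daemon is pinned to the same range (ProFTPD's `PassivePorts` directive, for example).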