Date:      Wed, 07 Mar 2001 18:37:42 -0700
From:      "Charles Burns" <burnscharlesn@hotmail.com>
To:        questions@freebsd.org
Subject:   Allowing FTP through firewall
Message-ID:  <F228LDiKBsuZ2K4xDh900002d12@hotmail.com>

What do I need to do to allow passive FTP through a closed firewall?
According to the ftpd man page, ports 49152-65535 may be used for passive 
FTP. The lines that are applicable in my firewall script are:

fw=/sbin/ipfw

$fw add 2 divert natd all from any to any via xl0
$fw add 11 pass tcp from any to any 49152-65535
$fw add 12 pass udp from any to any 49152-65535
$fw add 100 check-state
$fw add 300 pass tcp from any to any 20,21 keep-state
$fw add 400 pass tcp from any to any 20,21 keep-state
$fw add 900 pass icmp from any to any icmptypes 0,3,4,8,11,12

I'm not terribly experienced at making firewalls and do not fully understand 
everything about them, but I'm trying to become proficient at building them. 
FTP is just a real hangup and I absolutely cannot find any useful 
documentation about doing this.

FYI, the FTP client is able to find the FTP server. After this is done, a 
connection is made a LOOOOOOOOOOOOOOOONG time later and the welcome message 
is displayed. The FTP client then says "opening data socket" and about 30 
seconds later, reports "cannot establish data connection".
To the best of my understanding (which isn't much), rules 300 and 400 should 
allow data connections.

Are there any other common protocols that are this difficult to set up?

Thanks ahead of time

Charles Burns
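
Added example, not part of the original message: a simplified Python model of first-match evaluation over the rules quoted above, tracing one passive FTP session. It assumes this firewall sees both directions of the session, ignores the natd divert and ICMP rules, treats the default rule as deny ("closed firewall"), and uses constructed addresses and client ports below 49152; STATEFUL is a hypothetical variant with keep-state added to rule 11.

```python
# Simplified first-match model of the ipfw rules above (not ipfw itself).
# Assumptions: natd/divert ignored, ICMP rule omitted, default rule is deny
# ("closed firewall"), and all addresses and client ports are constructed.
from collections import namedtuple

Pkt = namedtuple("Pkt", "proto src sport dst dport")
HIGH = range(49152, 65536)

POSTED = [  # (number, proto, destination ports, keep_state); None = check-state
    (11, "tcp", HIGH, False),
    (12, "udp", HIGH, False),
    (100, None, None, False),
    (300, "tcp", (20, 21), True),
    (400, "tcp", (20, 21), True),
]
# Hypothetical variant: the same list with keep-state added to rule 11.
STATEFUL = [(11, "tcp", HIGH, True)] + POSTED[1:]

def flow(p):
    """Direction-independent key, so a reply matches its flow's state."""
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

def verdict(rules, states, p):
    """Return the rule number that passes p, 'state', or 'deny'."""
    checked = False
    for num, proto, dports, keep in rules:
        # ipfw consults dynamic rules at the first check-state or keep-state rule
        if (proto is None or keep) and not checked:
            checked = True
            if flow(p) in states:
                return "state"
        if proto == p.proto and p.dport in dports:
            if keep:
                states.add(flow(p))
            return num
    return "deny"

def passive_ftp(rules):
    c, s = "192.0.2.10", "198.51.100.5"  # constructed documentation addresses
    session = [
        ("control SYN", Pkt("tcp", c, 3021, s, 21)),
        ("control reply", Pkt("tcp", s, 21, c, 3021)),
        ("data SYN", Pkt("tcp", c, 3022, s, 50000)),
        ("data reply", Pkt("tcp", s, 50000, c, 3022)),
    ]
    states = set()
    return {name: verdict(rules, states, p) for name, p in session}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("stateful", STATEFUL)):
        print(label, passive_ftp(rules))
```

In this model the posted list passes the data SYN on rule 11 but denies the reply, whose destination is the client's port, while the variant passes the reply on state.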