Date: Wed, 07 Mar 2001 18:37:42 -0700
From: "Charles Burns" <burnscharlesn@hotmail.com>
To: questions@freebsd.org
Subject: Allowing FTP through firewall
Message-ID: <F228LDiKBsuZ2K4xDh900002d12@hotmail.com>

What do I need to do to allow passive FTP through a closed firewall?
According to the ftpd man page, ports 49152-65535 may be used for passive FTP.

The lines that are applicable in my firewall script are:

    fw=/sbin/ipfw
    $fw add 2 divert natd all from any to any via xl0
    $fw add 11 pass tcp from any to any 49152-65535
    $fw add 12 pass udp from any to any 49152-65535
    $fw add 100 check-state
    $fw add 300 pass tcp from any to any 20,21 keep-state
    $fw add 400 pass tcp from any to any 20,21 keep-state
    $fw add 900 pass icmp from any to any icmptypes 0,3,4,8,11,12

I'm not terribly experienced at making firewalls and do not fully understand everything about them, but I'm trying to become proficient at building them. FTP is just a real hangup and I absolutely cannot find any useful documentation about doing this.

FYI, the FTP client is able to find the FTP server. After this is done, a connection is made a LOOOOOOOOOOOOOOOONG time later and the welcome message is displayed. The FTP client then says "opening data socket" and about 30 seconds later, reports "cannot establish data connection".

To the best of my understanding (which isn't much), rules 300 and 400 should allow data connections.

Are there any other common protocols that are this difficult to set up?

Thanks ahead of time

Charles Burns
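
Added example, not part of the original message: a simplified Python model of first-match evaluation over the TCP/UDP rules quoted above, run against a passive-mode FTP exchange to show which rule each packet hits. The addresses, the client ports, the server-behind-the-firewall placement, the default-deny assumption and the `VARIANT` rule set (rule 11 with keep-state) are constructed for illustration.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "proto src sport dst dport")
HIGH = range(49152, 65536)

# (number, protocol, destination ports, keep-state) as posted in the message.
# The divert (2) and icmp (900) rules are left out of this TCP-only model.
POSTED = [(11, "tcp", HIGH, False), (12, "udp", HIGH, False),
          (100, "check-state", None, False),
          (300, "tcp", (20, 21), True), (400, "tcp", (20, 21), True)]
# Hypothetical variant for comparison: rule 11 with keep-state added.
VARIANT = [(11, "tcp", HIGH, True)] + POSTED[1:]

# Constructed passive-mode exchange: server behind the firewall, client
# ephemeral ports below 49152 (addresses and ports are sample values).
C, S = "203.0.113.5", "192.0.2.10"
EXCHANGE = [Pkt("tcp", C, 3001, S, 21),      # control connection to port 21
            Pkt("tcp", S, 21, C, 3001),      # control reply
            Pkt("tcp", C, 3002, S, 50000),   # data connection to PASV port
            Pkt("tcp", S, 50000, C, 3002)]   # data reply

def evaluate(rules, packets):
    """First-match walk; returns the matching rule per packet, or 'deny'."""
    states, verdicts = set(), []
    for p in packets:
        flow = frozenset([p.proto, (p.src, p.sport), (p.dst, p.dport)])
        verdict = "deny"  # assumption: closed firewall, default rule denies
        for num, proto, ports, keep in rules:
            # check-state and keep-state rules consult dynamic state first
            if (keep or proto == "check-state") and flow in states:
                verdict = f"{num} (state)"
                break
            if proto == p.proto and p.dport in ports:
                if keep:
                    states.add(flow)  # dynamic rule covers both directions
                verdict = str(num)
                break
        verdicts.append(verdict)
    return verdicts

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("variant", VARIANT)):
        for pkt, verdict in zip(EXCHANGE, evaluate(rules, EXCHANGE)):
            print(f"{name:8}{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

In this model the posted rules pass the control connection in both directions through rule 300 and its dynamic state, while the reply on the data connection matches nothing: its destination port is neither 20/21 nor in 49152-65535, and rule 11 created no state for it.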