From: Mike Meyer
Date: Sun, 11 Mar 2001 16:36:52 -0600
To: "Charles Burns"
Cc: questions@freebsd.org
Subject: Re: ipfw rules for incoming passive mode ftp connections
Message-ID: <15019.65028.743053.640046@guru.mired.org>

Charles Burns types:
> This was somewhat covered a few days ago. Mike Meyer pointed out that the
> documentation for ftpd is incorrect. If you allow ports 1024-4999 (the "old
> behavior") PASV FTP should work. Sort of. It seems rather flaky to me with a
> firewall enabled, actually, but I probably just need to refine my rules.
>
> It was suggested that the option -DIP_PORTRANGE was needed to enable the
> behavior that is supposed to be default. This may work for you, but did not
> work for me for some reason. When I tried defining this option in the source
> code, GCC complained that it was already defined in a file that is
> completely external to FTPD (but is included).

The file that's included is part of the system ip setup, and ftpd checks for that define to verify that the definitions it's using to get the port numbers are right. That part of the code is fine, and I goofed in not checking for IP_PORTRANGE to be defined outside the program.
Beyond that, I can't understand why it doesn't work as advertised. You might try running ftpd with -U to see if you get the high range.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
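
Added example, not part of the original message or of ftpd: a shell check for which passive data-port range the server is actually handing out, so the ipfw rule can be matched to it. It parses the server's "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply (port = p1*256 + p2) and classifies the port against 1024-4999 from the thread and 49152-65535, which is assumed here to be the high range; the function names and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helpers: pasv_port and pasv_range are names made up for this example.

# Print the data port announced in an FTP 227 reply; return 1 if the reply
# is not a well-formed 227 with six octets in the range 0-255.
pasv_port() {
    printf '%s\n' "$1" | awk '
        /^227 / && match($0, /\([0-9]+(,[0-9]+)+\)/) {
            # Take the text between the parentheses and split it on commas.
            n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            if (n != 6) exit 1
            for (i = 1; i <= 6; i++) if (f[i] + 0 > 255) exit 1
            print f[5] * 256 + f[6]
            found = 1
            exit 0
        }
        END { if (!found) exit 1 }'
}

# Classify the announced port: "low" is 1024-4999 (the range quoted in the
# thread), "high" is 49152-65535 (assumed high range), anything else "other".
pasv_range() {
    port=$(pasv_port "$1") || { echo invalid; return 1; }
    if [ "$port" -ge 1024 ] && [ "$port" -le 4999 ]; then
        echo low
    elif [ "$port" -ge 49152 ] && [ "$port" -le 65535 ]; then
        echo high
    else
        echo other
    fi
}

# Constructed sample replies (192.0.2.10 is a documentation address).
for reply in \
    '227 Entering Passive Mode (192,0,2,10,15,181)' \
    '227 Entering Passive Mode (192,0,2,10,200,34).'
do
    printf '%s -> port %s, range %s\n' \
        "$reply" "$(pasv_port "$reply")" "$(pasv_range "$reply")"
done
```

The 227 line to feed in can be taken from a client session run with debugging or verbose output enabled, repeated a few times since the kernel picks a different port for each data connection.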