Date:      Sun, 11 Mar 2001 16:36:52 -0600
From:      Mike Meyer <mwm@mired.org>
To:        "Charles Burns" <burnscharlesn@hotmail.com>
Cc:        questions@freebsd.org
Subject:   Re: ipfw rules for incoming passive mode ftp connections
Message-ID:  <15019.65028.743053.640046@guru.mired.org>
In-Reply-To: <10931933@toto.iv>

Charles Burns <burnscharlesn@hotmail.com> types:
> This was somewhat covered a few days ago. Mike Meyer pointed out that the 
> documentation for ftpd is incorrect. If you allow ports 1024-4999 (the "old 
> behavior") PASV FTP should work. Sort of. It seems rather flaky to me with a 
> firewall enabled, actually, but I probably just need to refine my rules.
> 
> It was suggested that the option -DIP_PORTRANGE was needed to enable the 
> behavior that is supposed to be default. This may work for you, but did not 
> work for me for some reason. When I tried defining this option in the source 
> code, GCC complained that it was already defined in a file that is 
> completely external to FTPD (but is included).

The file that's included is part of the system ip setup, and ftpd
checks for that define to verify that the definitions it's using to
get the port numbers are right. That part of the code is fine, and I
goofed in not checking for IP_PORTRANGE to be defined outside the
program.

Beyond that, I can't understand why it doesn't work as advertised. You
might try running ftpd with -U to see if you get the high range.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
