Date: Tue, 12 Jun 2001 23:01:12 +0300 (EEST)
From: Evren Yurtesen <yurtesen@ispro.net.tr>
To: Marcel Dijk <nascar24@home.nl>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: IPFW almost works now.
Message-ID: <Pine.BSF.4.33.0106122300150.63354-100000@finland.ispro.net.tr>
In-Reply-To: <01d401c0f378$35e4dc30$0900a8c0@windows>

Sorry, I missed the beginning of the conversation, but did you try to set
passive mode in your FTP client? That will solve your problem, I guess!

On Tue, 12 Jun 2001, Marcel Dijk wrote:

> Yes, I am the one running the FTP Daemon, and I want to access it from my
> work but that isn't working. (described below in my other mail.)
>
> Marcel
>
> ----- Original Message -----
> From: "Jason DiCioccio" <Jason.DiCioccio@Epylon.com>
> To: "Jason DiCioccio" <Jason.DiCioccio@Epylon.com>; "'Marcel Dijk'" <nascar24@home.nl>; <freebsd-security@freebsd.org>
> Sent: Tuesday, June 12, 2001 9:27 PM
> Subject: RE: IPFW almost works now.
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Correction: I might have gotten those backwards if YOU are the one
> > running the FTP server.
> >
> > - --------------
> >
> > Welcome to the shitty protocol that is: FTP. To use active ftp, you
> > need to allow connections to all inbound ports above 1024. To allow
> > passive FTP, you need to allow outbound connections to all ports
> > above 1024. FTP is obsolete, too bad everyone still uses it though.
> >
> > Cheers,
> > - -JD-
> >
> > - -----Original Message-----
> > From: Marcel Dijk [mailto:nascar24@home.nl]
> > Sent: Tuesday, June 12, 2001 12:12 PM
> > To: freebsd-security@freebsd.org
> > Subject: IPFW almost works now.
> >
> > Hello,
> >
> > Thanks to some advice here and http://freebsddiary.org my IPfirewall is
> > almost how I want it now.
> >
> > Only the ports I want to be open are open now, and I can access the
> > services behind these ports. The only problem is FTP. If I try to access
> > the FTP daemon on port 5617 from for example my work (the FTP daemon runs
> > at home) I get an error.
> >
> > I can connect, I have to give my username and pass. It then establishes a
> > connection and tries to execute the LIST command. But then I get this
> > error
> >
> > _______________________________________
> > Can't build data connection: interrupted system call.
> > ABOR command succesfull.
> > Connection Lost
> > _______________________________________
> >
> > If I set the firewall wide-open everything works perfectly, but of course
> > I don't want a wide open firewall.
> >
> > I have these IPFW rules defined:
> >
> > ________________________________________
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 00220 divert 8668 ip from any to any via ed0
> > 00400 deny ip from 127.0.0.0/8 to any
> > 00615 allow tcp from any to MY_IP 22,5617,10000
> > 00625 allow tcp from MY_IP to any
> > 00650 allow udp from any to MY_IP
> > 00700 allow udp from MY_IP to any
> > 00750 allow icmp from MY_IP to any
> > 00800 allow icmp from any to MY_IP
> > 00850 allow ip from 192.168.0.0/16 to any
> > 00900 allow ip from any to 192.168.0.0/16
> > 65535 deny ip from any to any
> > ________________________________________
> > (MY_IP is my public/internet IP)
> >
> > Can anyone give me some advice on what the problem is and how I can solve
> > it. Just a reminder: all the other services work perfectly with this FW
> > configuration.
> >
> > Marcel
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> >
> > iQA/AwUBOyZtt1CmU62pemyaEQIyDQCgzpLiYKA6nitxrTC/I/iiyU3htIkAn3M1
> > btM2Y/4JTEh4XoIuZVrjxjJv
> > =I+Ei
> > -----END PGP SIGNATURE-----
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
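
Added example, not part of the original thread: a first-match evaluation of the ruleset quoted above against the packets of one FTP session, to show which rule decides the control connection and each kind of data connection. Assumptions: the addresses are constructed stand-ins, the divert rule (natd) hands packets back unchanged, and the daemon's active-mode data port is the control port minus one (5616).

```python
import ipaddress

MY_IP = "203.0.113.10"    # constructed stand-in for the MY_IP placeholder
CLIENT = "198.51.100.7"   # constructed address for the remote FTP client

# (number, action, proto, src, dst, dst_ports, via), transcribed from the thread.
RULES = [
    (100, "allow", "ip", "any", "any", None, "lo0"),
    (200, "deny", "ip", "any", "127.0.0.0/8", None, None),
    (220, "divert", "ip", "any", "any", None, "ed0"),
    (400, "deny", "ip", "127.0.0.0/8", "any", None, None),
    (615, "allow", "tcp", "any", MY_IP, {22, 5617, 10000}, None),
    (625, "allow", "tcp", MY_IP, "any", None, None),
    (650, "allow", "udp", "any", MY_IP, None, None),
    (700, "allow", "udp", MY_IP, "any", None, None),
    (750, "allow", "icmp", MY_IP, "any", None, None),
    (800, "allow", "icmp", "any", MY_IP, None, None),
    (850, "allow", "ip", "192.168.0.0/16", "any", None, None),
    (900, "allow", "ip", "any", "192.168.0.0/16", None, None),
    (65535, "deny", "ip", "any", "any", None, None),
]

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def decide(proto, src, dst, dport, iface="ed0"):
    """Return (rule_number, action) of the first terminating rule that matches."""
    for num, action, rproto, rsrc, rdst, ports, via in RULES:
        if rproto not in ("ip", proto) or (via and via != iface):
            continue
        if not (_addr_ok(rsrc, src) and _addr_ok(rdst, dst)):
            continue
        if ports is not None and dport not in ports:
            continue
        if action == "divert":   # assumption: natd returns the packet unchanged
            continue
        return num, action
    raise AssertionError("unreachable: rule 65535 matches everything")

def ftp_report():
    """Verdict for each packet type of an FTP session against the home server."""
    return {
        "control: client -> MY_IP:5617": decide("tcp", CLIENT, MY_IP, 5617),
        "passive data: client -> MY_IP:49152": decide("tcp", CLIENT, MY_IP, 49152),
        "active data SYN: MY_IP -> client:3345": decide("tcp", MY_IP, CLIENT, 3345),
        "active data reply: client -> MY_IP:5616": decide("tcp", CLIENT, MY_IP, 5616),
    }

if __name__ == "__main__":
    for flow, verdict in ftp_report().items():
        print(f"{flow:42} {verdict}")
```

Under these assumptions the control connection matches rule 615 and the outbound data SYN matches rule 625, while both inbound data packets fall through to the default deny at rule 65535.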