Date: Tue, 12 Jun 2001 23:01:12 +0300 (EEST)
From: Evren Yurtesen
To: Marcel Dijk
Subject: Re: IPFW almost works now.
In-Reply-To: <01d401c0f378$35e4dc30$0900a8c0@windows>

Sorry, I missed the beginning of the conversation, but did you try to set
passive mode in your ftp client? That will solve your problem, I guess!

On Tue, 12 Jun 2001, Marcel Dijk wrote:

> Yes, I am the one running the FTP Daemon, and I want to access it from my
> work but that isn't working. (described below in my other mail.)
>
> Marcel
>
> ----- Original Message -----
> From: "Jason DiCioccio"
> To: "Jason DiCioccio" ; "'Marcel Dijk'"
> ;
> Sent: Tuesday, June 12, 2001 9:27 PM
> Subject: RE: IPFW almost works now.
>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Correction: I might have gotten those backwards if YOU are the one
> > running the FTP server.
> >
> >
> > - --------------
> >
> > Welcome to the shitty protocol that is: FTP. To use active ftp, you
> > need to allow connections to all inbound ports above 1024. To allow
> > passive FTP, you need to allow outbound connections to all ports
> > above 1024. FTP is obsolete, too bad everyone still uses it though.
> >
> > Cheers,
> > - -JD-
> >
> >
> >
> > - -----Original Message-----
> > From: Marcel Dijk [mailto:nascar24@home.nl]
> > Sent: Tuesday, June 12, 2001 12:12 PM
> > To: freebsd-security@freebsd.org
> > Subject: IPFW almost works now.
> >
> >
> > Hello,
> >
> > Thanks to some advice here and http://freebsddiary.org my IPfirewall is
> > almost how I want it now.
> >
> > Only the ports I want to be open are open now, and I can access the
> > services behind these ports. The only problem is FTP. If I try to access
> > the FTP daemon on port 5617 from for example my work (the FTP daemon runs
> > at home) I get an error.
> >
> > I can connect, I have to give my username and pass. It then establishes a
> > connection and tries to execute the LIST command. But then I get this
> > error
> >
> > _______________________________________
> > Can't build data connection: interrupted system call.
> > ABOR command succesfull.
> > Connection Lost
> > _______________________________________
> >
> > If I set the firewall wide-open everything works perfectly, but of course
> > I don't want a wide open firewall.
> >
> > I have these IPFW rules defined:
> >
> > ________________________________________
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 00220 divert 8668 ip from any to any via ed0
> > 00400 deny ip from 127.0.0.0/8 to any
> > 00615 allow tcp from any to MY_IP 22,5617,10000
> > 00625 allow tcp from MY_IP to any
> > 00650 allow udp from any to MY_IP
> > 00700 allow udp from MY_IP to any
> > 00750 allow icmp from MY_IP to any
> > 00800 allow icmp from any to MY_IP
> > 00850 allow ip from 192.168.0.0/16 to any
> > 00900 allow ip from any to 192.168.0.0/16
> > 65535 deny ip from any to any
> > ________________________________________
> > (MY_IP is my public/internet IP)
> >
> > Can anyone give me some advice on what the problem is and how I can solve
> > it. Just a reminder: all the other services work perfectly with this FW
> > configuration.
> >
> > Marcel
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 7.0.3 for non-commercial use
> >
> > iQA/AwUBOyZtt1CmU62pemyaEQIyDQCgzpLiYKA6nitxrTC/I/iiyU3htIkAn3M1
> > btM2Y/4JTEh4XoIuZVrjxjJv
> > =I+Ei
> > -----END PGP SIGNATURE-----
> >
> >
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
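
Added example, not part of the original thread: a small Python model of ipfw's first-match evaluation applied to the TCP rules quoted above, tracing the packets an FTP session needs in each mode when the server sits behind that ruleset. The addresses, the passive and client ports, and the server's active-mode source port (5616) are constructed assumptions, as is the simplification that natd leaves packets addressed to MY_IP unchanged.

```python
# First-match evaluation of the TCP-relevant rules from the posted ruleset.
# All addresses and the data ports below are constructed sample values.
from ipaddress import ip_address, ip_network

MY_IP = "203.0.113.10"      # stands in for the MY_IP placeholder in the post
CLIENT = "198.51.100.7"     # constructed address for the client at work

# (rule number, action, source, destination, destination ports or None)
# Rules 100-400 (loopback, natd divert) and the udp/icmp rules are left out:
# assumption is that natd passes traffic addressed to MY_IP itself unchanged.
RULES = [
    (615, "allow", "any", MY_IP, {22, 5617, 10000}),
    (625, "allow", MY_IP, "any", None),
    (850, "allow", "192.168.0.0/16", "any", None),
    (900, "allow", "any", "192.168.0.0/16", None),
    (65535, "deny", "any", "any", None),
]

def addr_matches(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def evaluate(src, dst, dport):
    """Return (rule number, action) of the first rule matching a TCP packet."""
    for number, action, rsrc, rdst, ports in RULES:
        if (addr_matches(rsrc, src) and addr_matches(rdst, dst)
                and (ports is None or dport in ports)):
            return number, action
    raise AssertionError("unreachable: rule 65535 matches everything")

def ftp_session(passive_port=50000, active_src_port=5616, client_port=40000):
    """Trace the packets each FTP mode needs when the server sits behind RULES."""
    return {
        "control: client -> server:5617": evaluate(CLIENT, MY_IP, 5617),
        "control: server -> client": evaluate(MY_IP, CLIENT, client_port),
        # Passive: the client opens the data connection to a high server port.
        "passive data: client -> server": evaluate(CLIENT, MY_IP, passive_port),
        # Active: the server connects out, the client's replies must get back in.
        "active data: server -> client": evaluate(MY_IP, CLIENT, client_port),
        "active data: client reply -> server": evaluate(CLIENT, MY_IP, active_src_port),
    }

if __name__ == "__main__":
    for packet, (number, action) in ftp_session().items():
        print(f"{packet:38s} rule {number:05d} {action}")
```

In this model the control connection passes rules 615 and 625, while the data connection falls through to rule 65535 in both modes: the inbound passive connection and the replies to the server's outbound active connection arrive on ports that rule 615 does not list.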