Date: Tue, 20 Jul 2004 12:07:28 -0400
From: "CPU Customer Support" <support@cpu-net.com>
To: <freebsd-isp@freebsd.org>
Subject: bridging firewall => proftpd issue.
Message-ID: <00c001c46e73$aa853ed0$65c45741@don>

The ISP I administrate is running a full set of Red Hat 9 servers (not my choice). But, as I just took over the position recently, I have been upgrading the security all around. In doing this I've installed a bridging firewall running FreeBSD 4.9 compiled for the security branch, and IPFW.

It seems that just as I installed this firewall, a customer is no longer able to FTP into our main Red Hat machine. The Red Hat machine is running ProFTPD 1.2.9.

The issue: The user can log in and authenticate. It successfully authenticates his password as it should, but then when he tries to get a directory listing it bombs. It looks at first like a passive/active issue, but I've opened the appropriate ports on the firewall, and even assigned the passive ports in ProFTPD. He has tried passive and active modes both, with the same results. Mind you, all other customers do not have any issues.

Session Transcript:

Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session opened.
Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - USER **usersname**: Login successful.
Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - Refused PORT 192,168,100,3,8,118 (address mismatch)
Jul 19 17:24:13 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session closed.

The IP range that he's coming from was just recently issued by SBC. I've also tried opening all ports and IPs to this IP address for him. To no avail.

The customer did not have any issues prior to installing the FreeBSD firewall/bridge. He was also using the current IP address prior as well.

If anyone has a figment of a clue, it would be worlds of help to me.

Thank you,
Don Mohlmaster
CPU-NET.com, Inc.
Systems Administrator.