From: "CPU Customer Support"
Date: Tue, 20 Jul 2004 12:07:28 -0400
Message-ID: <00c001c46e73$aa853ed0$65c45741@don>
Subject: bridging firewall => proftpd issue.
X-BeenThere: freebsd-isp@freebsd.org

The ISP I administrate is running a full set of Red Hat 9 servers. (Not my choice.) But, as I just took over the position recently, I have been upgrading the security all around. In doing this I've installed a bridging firewall running FreeBSD 4.9 compiled for the security branch, and IPFW.

It seems that just as I installed this firewall, a customer is no longer able to FTP into our main Red Hat machine. The Red Hat machine is running Proftpd 1.2.9.

The issue: The user can log in and authenticate.
It successfully authenticates his password as it should, but then when he tries to get a directory listing it bombs. It looks at first like a passive/active issue, but I've opened the appropriate ports on the firewall, and even assigned the passive ports in Proftpd. He has tried both passive and active modes, with the same results. Mind you, all other customers do not have any issues.

Session Transcript:

Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session opened.
Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - USER **usersname**: Login successful.
Jul 19 17:24:04 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - Refused PORT 192,168,100,3,8,118 (address mismatch)
Jul 19 17:24:13 host04 proftpd[32507]: cpu-net.com (70-240-21-3.ded.swbell.net[70.240.21.3]) - FTP session closed.

The IP range that he's coming from was just recently issued by SBC. I've also tried opening all ports and IPs to this IP address for him. To no avail. The customer did not have any issues prior to installing the FreeBSD firewall/bridge. He was also using the current IP address prior as well.

If anyone has a figment of a clue, it would be worlds of help to me.

Thank you,
Don Mohlmaster
CPU-NET.com, Inc.
Systems Administrator.