Date: Mon, 1 Jul 2002 10:36:41 -0500
From: "Raja Velu" <raja@micronetusa.com>
To: <freebsd-questions@freebsd.org>
Subject: Browser-based FTP access as part of a web page
Message-ID: <003f01c22115$195313e0$1d00a8c0@www.micronetusa.com>

Hi All,

Our FreeBSD 4.4 server hosts web sites for a few domains and also acts as the firewall (IPFW/NAT) for our small office network, consisting mainly of Windows clients on the inside.

One of our customers had a requirement to host a web site that uses ASP pages. So, we are hosting this site on a Windows 2000 Server, which sits on the internal network. We configured a public IP address as an IP alias for the outside interface of the BSD Server and used NATD to redirect port 80 requests to this new IP to the Windows 2000 Web Server.

BSD Box:
  1.2.3.4 - First public IP
  1.2.3.5 - Second public IP (aliased to the same interface)

Onto my problem now :)

One of the ASP web pages takes a username/password and constructs an FTP URL (something like ftp://<username>:<password>@1.2.3.4) and attempts to display the contents of the FTP directory as a frame in the browser window. 1.2.3.4 is the original public IP of the BSD box.

When the firewall is enabled, this frame comes up with a "No page to display" error. I look at my "security" logs and I see communication going on between BSD:21 and the web browser. However, all of a sudden, I see that the web browser is trying to access some arbitrary port on the BSD box (like 49254 etc.), which is being denied (obviously, as I have opened up only the necessary ports). And the page returns an error.

When I just type the FTP URL on the web browser, it works fine. It is not working THROUGH this web page only. With the firewall open, it works fine as none of the ports are protected.

This problem may be very specific to my setup. So, please pass me any troubleshooting tips too even if you haven't come across this before.

Thanks a bunch.

Rgds,
Raja

PS: I am attaching some of my security and tcpdump logs here in case they might be of assistance (x.x.x.x is any external machine - I tried accessing this web page from several networks and the results are the same):

***** /var/log/security *****

Jul 1 10:28:09 support /kernel: ipfw: 2600 Accept TCP x.x.x.x:2642 1.2.3.4:21 in via xl0
Jul 1 10:28:09 support /kernel: ipfw: 2600 Accept TCP 1.2.3.4:21 x.x.x.x:2642 out via xl0
...........
...........
Jul 1 10:28:09 support /kernel: ipfw: 3900 Deny TCP x.x.x.x:2643 1.2.3.4:49152 in via xl0

***** tcpdump *****

15:38:17.769087 XXXXX.ipt.aol.com.2987 > 1.2.3.4.ftp: S 18549450:18549450(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
15:38:17.769656 1.2.3.4.ftp > AC82D2BD.ipt.aol.com.2987: S 1875166115:1875166115(0) ack 18549451 win 16616 <mss 1460> (DF)
.............
.............
15:38:25.450712 XXXXX.ipt.aol.com.2988 > 1.2.3.4.33342: S 18557147:18557147(0) win 8192 <mss 536,nop,nop,sackOK> (DF)
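
Added example, not part of the original message: a Python script that reads ipfw log lines in the /var/log/security format quoted above and lists each inbound Deny to an unprivileged port that follows an accepted connection to port 21 from the same remote host, the trace a blocked FTP data connection leaves next to its control session. The log lines are constructed sample data, and the function names and the 60-second window are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in the /var/log/security format quoted in the message
# (198.51.100.7 and 203.0.113.9 are documentation addresses, not from the post).
SAMPLE_LOG = """\
Jul  1 10:28:09 support /kernel: ipfw: 2600 Accept TCP 198.51.100.7:2642 1.2.3.4:21 in via xl0
Jul  1 10:28:09 support /kernel: ipfw: 2600 Accept TCP 1.2.3.4:21 198.51.100.7:2642 out via xl0
Jul  1 10:28:11 support /kernel: ipfw: 3900 Deny TCP 198.51.100.7:2643 1.2.3.4:49152 in via xl0
Jul  1 10:28:12 support /kernel: ipfw: 3900 Deny TCP 203.0.113.9:4000 1.2.3.4:135 in via xl0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+/kernel:\s+ipfw:\s+(?P<rule>\d+)\s+"
    r"(?P<action>Accept|Deny)\s+TCP\s+(?P<src>[\w.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\w.]+):(?P<dport>\d+)\s+(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

def parse(log_text, year=2002):
    """Yield one dict per ipfw TCP log line; syslog omits the year, so it is passed in."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # elided ("....") or unrelated lines
        rec = m.groupdict()
        rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        yield rec

def denied_ftp_data(log_text, window_s=60):
    """Return inbound Deny records that follow an accepted port-21 session from the same host."""
    control = {}  # (client, server) -> time of the last accepted inbound packet to port 21
    hits = []
    for rec in parse(log_text):
        key = (rec["src"], rec["dst"])
        if rec["dir"] != "in":
            continue
        if rec["action"] == "Accept" and rec["dport"] == 21:
            control[key] = rec["time"]
        elif rec["action"] == "Deny" and rec["dport"] > 1023:
            seen = control.get(key)
            if seen is not None and (rec["time"] - seen).total_seconds() <= window_s:
                hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in denied_ftp_data(SAMPLE_LOG):
        print(f"rule {r['rule']} denied {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']}")
```
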