From: Clement Twine
Date: Tue, 12 Apr 2005 09:19:30 +0200
To: freebsd-questions@freebsd.org
Subject: weird problem with ipfw and ftp
Message-ID: <425B7682.9020705@gmail.com>

Hi FreeBSD users,

I have a problem with users accessing my FTP service from the Internet. Everything was working well until I changed from Linux/shorewall to FreeBSD/ipfw as my firewall. My setup is briefly as follows:

    FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET

The Linux rules were just two (and were working):

    allow tcp from any to 10.0.0.1 21
    allow tcp from 10.0.0.1 21 to any

I have the following in ipfw, but they have refused to work!

    ipfw add 00010 allow tcp from any to 10.0.0.1 21
    ipfw add 00011 allow tcp from 10.0.0.1 21 to any

The problem is that an FTP session is established, but when the session enters passive mode, the FTP session hangs. Are there any other ports that need to be opened? Has anyone had such a problem before? I can see in the logs that unprivileged ports are responding from the FTP server to the requestor - but have tried all combinations of rules to no avail!

Please help!

Regards,
Clem.
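
The two rules from the message evaluated against a passive-mode FTP session, as an added example that is not part of the original message: the control-channel packets match rules 10 and 11, while the data connection to the port announced in the server's 227 reply matches neither. It assumes ipfw's default rule is deny; the client address, client ports and 227 reply are constructed.

```python
import re

# The two ipfw rules from the message: (number, action, src_ip, src_port, dst_ip, dst_port).
# None means "any".
RULES = [
    (10, "allow", None, None, "10.0.0.1", 21),
    (11, "allow", "10.0.0.1", 21, None, None),
]
DEFAULT = (65535, "deny")  # assumption: ipfw's default rule is deny

def pasv_endpoint(reply):
    """Extract (ip, port) from an RFC 959 '227' reply: port = p1*256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def evaluate(src_ip, src_port, dst_ip, dst_port):
    """Return (rule number, action) of the first matching rule (first match wins)."""
    pkt = (src_ip, src_port, dst_ip, dst_port)
    for num, action, *match in RULES:
        if all(want is None or want == got for want, got in zip(match, pkt)):
            return num, action
    return DEFAULT

def trace(client_ip, pasv_reply):
    """Evaluate the packets of a passive-mode session against the rules."""
    srv_ip, data_port = pasv_endpoint(pasv_reply)
    return {
        "control client->server": evaluate(client_ip, 40001, srv_ip, 21),
        "control server->client": evaluate(srv_ip, 21, client_ip, 40001),
        "data client->server": evaluate(client_ip, 40002, srv_ip, data_port),
        "data server->client": evaluate(srv_ip, data_port, client_ip, 40002),
    }

if __name__ == "__main__":
    # Constructed sample: client address, client ports and passive port are made up.
    reply = "227 Entering Passive Mode (10,0,0,1,195,80)"
    for flow, verdict in trace("192.0.2.10", reply).items():
        print(f"{flow:24} -> rule {verdict[0]} {verdict[1]}")
```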