From: Robert Slade
To: "freebsd-questions@freebsd.org"
Subject: Re: weird problem with ipfw and ftp
Date: Tue, 12 Apr 2005 08:41:09 +0100
Message-Id: <1113291668.24798.3.camel@lmail.bathnetworks.co.uk>
In-Reply-To: <425B7342.2080307@gmail.com>
References: <425B7342.2080307@gmail.com>

On Tue, 2005-04-12 at 08:05, Clement Twine wrote:
> hi freebsd users,
>
> i have a problem with users accessing my ftp service from the
> internet. everything was working well until i changed from
> Linux/shorewall to freebsd/ipfw as my firewall.
>
> my setup is briefly as follows:
>
> FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
>
> The linux rules were just two (and were working):
>
> allow tcp from any to 10.0.0.1 21
> allow tcp from 10.0.0.1 21 to any
>
> I have the following in ipfw but they have refused to work!
>
> ipfw add 00010 allow tcp from any to 10.0.0.1 21
> ipfw add 00011 allow tcp from 10.0.0.1 21 to any
>
>
> The problem is that an ftp session is established, but when the
> session enters passive mode, the ftp session hangs. Are there any
> other ports that need to be opened? Has anyone had such a problem
> before? I can see in the logs that unprivileged ports are
> responding from the ftp server to the requestor - but have tried
> all combinations of rules to no avail!
>
> Please help!
>
> Regards,
>
> Clem.

You need to use port 20 too. Additionally, passive ftp uses high number ports to actually transfer the data.
I am not sure how to do this with IPFW, but there are a number of tutorials about this; try Google.

Rob
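
Added example, not part of the original messages: a small generator for stateful ipfw rules covering the FTP control port, active-mode data from port 20, and a passive-mode data range, which the two port-21 rules quoted above never match. The rule numbers and the 49152-65535 range are assumptions; the range must be the one the FTP daemon is actually configured to use.

```sh
#!/bin/sh
# Added example: prints ipfw rules for an FTP server behind the firewall.
# Assumptions (not from the thread): rule numbers 00005-00012 are free, and
# the FTP daemon hands out passive ports only inside the range given here.

# ftp_ipfw_rules SERVER_IP PASV_LOW PASV_HIGH
# Prints one ipfw command per line; returns 1 on an invalid passive range.
ftp_ipfw_rules() {
    server=$1
    lo=$2
    hi=$3

    # Ports must be plain decimal numbers.
    for p in "$lo" "$hi"; do
        case $p in
            ''|*[!0-9]*)
                echo "passive ports must be numeric" >&2
                return 1 ;;
        esac
    done

    # Keep the range out of the privileged ports and in the right order, so a
    # typo cannot open ports such as 22 or 25 on the server.
    if [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "need 1024 <= low <= high <= 65535" >&2
        return 1
    fi

    # check-state lets replies match the dynamic rules that keep-state creates,
    # so no separate "from server to any" rule is needed for return traffic.
    cat <<EOF
ipfw add 00005 check-state
ipfw add 00010 allow tcp from any to $server 21 setup keep-state
ipfw add 00011 allow tcp from $server 20 to any setup keep-state
ipfw add 00012 allow tcp from any to $server $lo-$hi setup keep-state
EOF
}

# "print" shows the rules for review; defaults are the thread's server address
# and the assumed passive range.
if [ "${1:-}" = "print" ]; then
    ftp_ipfw_rules "${2:-10.0.0.1}" "${3:-49152}" "${4:-65535}"
fi
```

Rule 00010 carries the control connection, 00011 the server-initiated data connection in active mode, and 00012 the client-initiated data connection in passive mode.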