Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 9 Jan 2001 18:55:25 +0100
From:      "Oliver Fehr" <oliver.fehr@ofehr.com>
To:        =?iso-8859-1?Q?P=E4r_Thoren?= <t98pth@student.hk-r.se>, <freebsd-questions@freebsd.org>, <freebsd-security@freebsd.org>
Subject:   RE: IPFW and the FTP protokoll
Message-ID:  <744F8CC0DC48FA4C8757A01D3BFFF9071524@miranda.ofehr.com>

next in thread | raw e-mail | index | archive | help
this is because the remote server cannot initiate a connection to your
machine port 20 (which is ok).
you can use ftp -p to do what you want. this opens a passive ftp
connection without using port 20.

hope this helps
oliver

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of P=E4r Thoren
> Sent: Tuesday, January 09, 2001 5:53 PM
> To: freebsd-questions@freebsd.org; freebsd-security@freebsd.org
> Subject: IPFW and the FTP protokoll
>=20
>=20
> Hi!
>=20
>=20
> I have fsbsd acting as a bridge with ipfw.
> Everything is working fine except the FTP protokoll.
>=20
> I the following to rules to allow ftp:
>=20
> # FTP-DATA.
> ${ipfw} add pass tcp from any to any 20 in via ${oif}
> # FTP.
> ${ipfw} add pass tcp from any to any 21 in via ${oif}
>=20
>=20
> To my knowledge ftp uses the ftp port (default 21) and=20
> ftpport -1 for data
> and the result for commands like 'ls'.
>=20
> The problem.
> I can log into a ftp server behind the firewall with no problem (port
> 21). But when I try to execute ls or another command it doesn=B4t =
work.
> Nothing happends.
>=20
> I used the program tcpflow to monitor the tcpinfo when using
> ftp when the firewall was open for all traffic. The result was:
>=20
> (10.0.0.1 ftp client)
> (192.168.1.1 ftp server behind firewall)
>=20
> ---------
> 10.0.0.1.01034-192.168.1.1.00021
>=20
> USER admin
> PASS ftppass
> SYST
> EPSV
> LIST
>=20
>=20
> ---------
> 192.168.1.1.00021-10.0.0.1.01034
>=20
> 220 ftp.behind.firewall FTP server (Version 6.00LS) ready.
> 331 Password required for admin.
> 230 User admin logged in.
> 215 UNIX Type: L8 Version: BSD-199506
> 229 Entering Extended Passive Mode (|||49175|)
> 150 Opening ASCII mode data connection for '/bin/ls'.
> 226 Transfer complete.
>=20
>=20
>=20
> --------
> 192.168.1.1.49175-10.0.0.1.01035
>=20
> -rw-------  1 admin  wheel      3889 Jan  9 17:21 .bash_history
> -rw-r--r--  1 admin  wheel       264 Aug 17 19:04 .bash_profile
> -rw-r--r--  1 admin  wheel       628 Oct 19 12:51 .cshrc
> -rw-------  1 admin  wheel      1882 Oct 25 14:03 .history
> -rw-r--r--  1 admin  wheel       299 Oct 19 12:51 .login
> -rw-r--r--  1 admin  wheel       160 Oct 19 12:51 .login_conf
> -rw-------  1 admin  wheel       371 Oct 19 12:51 .mail_aliases
>=20
>=20
> The connections over port 21 seems fine but the result of=20
> 'ls' isn=B4t over
> port 20.
> =20
> Any ideas why?!
>=20
> /P=E4r
>=20
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>=20


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?744F8CC0DC48FA4C8757A01D3BFFF9071524>