Date: Tue, 12 Apr 2005 09:05:38 +0200 From: Clement Twine <e.byaru@gmail.com> To: freebsd-questions@freebsd.org Subject: weird problem with ipfw and ftp Message-ID: <425B7342.2080307@gmail.com>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig7CD87BA85B356D46665C1FC2 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit hi freebsd users, i have a problem with users accessing my ftp service from the internet. everything was working well until i changed from Linux/shorewall to freebsd/ipfw as my firewall. my setup is briefly as follows: FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET The linux rules were just two (and were working): allow tcp from any to 10.0.0.1 21 allow tcp from 10.0.0.1 21 to any I have the following in ipfw but they have refused to work! ipfw add 00010 allow tcp from any to 10.0.0.1 21 ipfw add 00011 allow tcp from 10.0.0.1 21 to any The problem is that an ftp session is established, but when the session enters passive mode, the ftp session hangs. Are there any other ports that need to be opened? Has anyone had such a problem before? I can see in the logs that unprivileged ports are responding from the ftp server to the requestor - but have tried all combinations of rules to no avail! Please help! Regards, Clem. --------------enig7CD87BA85B356D46665C1FC2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iQDVAwUBQltzSOkIG2whqpjBAQLG0wX/Wzcebq3O3lpO7wi1mMB7i8+3XotH8FZ+ nC47SyAlzCc3kc0h83+r0foyc/lNyoqkS/ZQ+N9J8CSZNepyebE92VMXWu1iJeB1 BYaZOmqrmJTKnibqsLf+PQ92anKjiFsKYyzCKakmxEB3479D+eEK+x7PTu2FFwSV H73WXlZJ3MEyorVSceAVVbeT4BzGY0FR9EsDxucOlqU1IDAS4xHpfzZYCd+KxbO9 FoIlXwKRHqX4VlsDL0YwYtKHlfoIoo4q =bTFO -----END PGP SIGNATURE----- --------------enig7CD87BA85B356D46665C1FC2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?425B7342.2080307>