Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 Apr 2005 09:05:38 +0200
From:      Clement Twine <e.byaru@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   weird problem with ipfw and ftp
Message-ID:  <425B7342.2080307@gmail.com>

next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7CD87BA85B356D46665C1FC2
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

hi freebsd users,

i have a problem with users accessing my ftp service from the
internet. everything was working well until i changed from
Linux/shorewall to freebsd/ipfw as my firewall.

my setup is briefly as follows:

FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET

The linux rules were just two (and were working):

	allow tcp from any to 10.0.0.1 21
	allow tcp from 10.0.0.1 21 to any

I have the following in ipfw but they have refused to work!

	ipfw add 00010 allow tcp from any to 10.0.0.1 21
	ipfw add 00011 allow tcp from 10.0.0.1 21 to any


The problem is that an ftp session is established, but when the
session enters passive mode, the ftp session hangs. Are there any
other ports that need to be opened? Has anyone had such a problem
before? I can see in the logs that unprivileged ports are
responding from the ftp server to the requestor - but have tried
all combinations of rules to no avail!

Please help!

Regards,

Clem.



--------------enig7CD87BA85B356D46665C1FC2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iQDVAwUBQltzSOkIG2whqpjBAQLG0wX/Wzcebq3O3lpO7wi1mMB7i8+3XotH8FZ+
nC47SyAlzCc3kc0h83+r0foyc/lNyoqkS/ZQ+N9J8CSZNepyebE92VMXWu1iJeB1
BYaZOmqrmJTKnibqsLf+PQ92anKjiFsKYyzCKakmxEB3479D+eEK+x7PTu2FFwSV
H73WXlZJ3MEyorVSceAVVbeT4BzGY0FR9EsDxucOlqU1IDAS4xHpfzZYCd+KxbO9
FoIlXwKRHqX4VlsDL0YwYtKHlfoIoo4q
=bTFO
-----END PGP SIGNATURE-----

--------------enig7CD87BA85B356D46665C1FC2--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?425B7342.2080307>