Date:      Tue, 15 Nov 2005 23:28:51 -0500
From:      "Robert H. Perry" <rperry@gti.net>
To:        Kevin Kinsey <kdk@daleco.biz>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Inconsistency Running IPF Against FTPs
Message-ID:  <437AB583.3000207@gti.net>
In-Reply-To: <4379CAFE.4070507@daleco.biz>
References:  <43797093.5010206@gti.net> <4379CAFE.4070507@daleco.biz>

Kevin Kinsey wrote:
> Robert H. Perry wrote:
> 
>> I'm running FreeBSD RELEASE 5.4 and recently installed IPF Firewall. I
>> rarely download files using FTP but have little choice using
>> portupgrade. Now, during an upgrade, I often see the error message,
>> "No route to host..." while connecting with an FTP site.  If I disable
>> the IPF/IPNAT rules the problem no longer exists.
>>
>> I've followed installation instructions in the Handbook paying particular
>> attention to the section on IPNAT rules.  (I do not claim to entirely
>> understand what I read however.)  My immediate question however is how
>> current are the instructions?  There is a caveat immediately following
>> the IPF Firewall Section title: "This section is work in progress. The
>> contents might not be accurate at all times."  If it is accurate and
>> should resolve my FTP problems, I'll simply re-read it until I get it
>> right.
>>
>> Any other hints are also appreciated.
>>
> 
> This would probably fall under your "other hints" category.
> 
> Your firewall should be allowing extant connections to continue --- IOW,
> showing stateful behavior.  Some FTP data connections use high-numbered
> ports, and it sounds as if these are being blocked by your firewall.  YMMV.
> 
> Note that setting FTP_PASSIVE_MODE in your environment might be
> worth a shot.
> 
> I am sorry that I'm not an IPF user and can't give more detailed help.
> Good luck with your issue.

Thanks for your suggestions.  Do all other firewalls share the same, or 
similar problems, with FTP data connections?

Bob Perry
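
The following is an added illustration, not part of the original message or of IPF itself: a toy model of a default-deny stateful filter showing why state kept for the FTP control connection does not cover the separate data connection in either mode. The rule representation, class and function names, addresses and port numbers are all constructed for this example and are not IPF syntax.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" or "in", relative to the firewalled host
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the first packet of a new TCP connection

class StatefulFilter:
    """Toy model: default deny; a pass rule matching a SYN creates state."""
    def __init__(self, pass_rules):
        self.pass_rules = pass_rules   # list of (direction, predicate)
        self.states = set()

    @staticmethod
    def _key(p):
        # Same key for both directions of one connection: (local, remote).
        if p.direction == "out":
            return (p.src, p.sport), (p.dst, p.dport)
        return (p.dst, p.dport), (p.src, p.sport)

    def check(self, p):
        key = self._key(p)
        if key in self.states:                       # established: keep passing
            return "pass"
        if p.syn and any(d == p.direction and m(p) for d, m in self.pass_rules):
            self.states.add(key)
            return "pass"
        return "block"

CLIENT, SERVER = "192.0.2.10", "198.51.100.20"      # constructed addresses

def ftp_session(fw, mode):
    """Return verdicts for (control SYN, control reply, data SYN)."""
    control = fw.check(Packet("out", CLIENT, 50000, SERVER, 21, syn=True))
    reply = fw.check(Packet("in", SERVER, 21, CLIENT, 50000))
    if mode == "active":    # server connects from port 20 to a client high port
        data = fw.check(Packet("in", SERVER, 20, CLIENT, 50001, syn=True))
    else:                   # passive: client connects to a server high port
        data = fw.check(Packet("out", CLIENT, 50002, SERVER, 49152, syn=True))
    return control, reply, data

CONTROL_ONLY = [("out", lambda p: p.dport == 21)]
WITH_PASSIVE = CONTROL_ONLY + [("out", lambda p: p.dport > 1024)]
```

With only the port 21 rule, the data connection is blocked in both modes; adding an outbound high-port rule lets passive mode through while active mode still fails, and that rule is broader than the single data connection it is meant to admit.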
