From owner-freebsd-questions Thu Jan 25 8:11:33 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from be-well.ilk.org (lowellg.ne.mediaone.net [24.147.184.128]) by hub.freebsd.org (Postfix) with ESMTP id 05E4137B6A6 for ; Thu, 25 Jan 2001 08:11:16 -0800 (PST)
Received: (from lowell@localhost) by be-well.ilk.org (8.11.1/8.11.1) id f0PGBDL12000; Thu, 25 Jan 2001 11:11:13 -0500 (EST) (envelope-from lowell)
To: ertank@ozlerplastik.com (Ertan Kucukoglu), freebsd-questions@freebsd.org
Subject: Re: Firewall and ftp
References: <3A702FC5.48771E4@ozlerplastik.com>
From: Lowell Gilbert
Date: 25 Jan 2001 11:11:13 -0500
In-Reply-To: ertank@ozlerplastik.com's message of "25 Jan 2001 14:58:33 +0100"
Message-ID: <44wvbjsjby.fsf@lowellg.ne.mediaone.net>
Lines: 29
X-Mailer: Gnus v5.7/Emacs 20.7
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

ertank@ozlerplastik.com (Ertan Kucukoglu) writes:

> I want to use ftp client and ftp server behind a firewall.
>
> I tried to open ports 20 and 21 but, couldn't manage to use it. People can
> connect, give their passwords, but when they try to ls or get some file or
> something that my machine should send data to them it hangs there.
>
> Which ports should be opened for proper ftp usage?
>
> I'm using ipfw, system is FreeBSD 4.2-STABLE. Internet NIC is called fxp1 on
> my machine. Also there is fxp0 for my LAN. ftp server is FreeBSD ftp server.

If both the server and client are behind separate firewalls, you won't
be able to use FTP between them unless the firewall has special code
to snoop on FTP control traffic and open ports for the data
connections dynamically. I don't believe that ipfw or ipf do this.
An ftp proxy may help, but you would need to open holes for *that*
instead.

Note that the FreeBSD ftp client will by default use ports in the
range 49152-65535. You could open up that whole range, and FTP would
work, but, well, you'd've opened up a very big hole in your firewall.

If only the client is behind a firewall, then FTP should work fine if
you use passive mode. If only the server is behind a firewall, then
only active mode will work.

Good luck.
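The control-channel snooping the reply describes, sketched as an added example that is not part of the original message or of any FreeBSD code: it decodes the RFC 959 `PORT` command and `227` passive reply to find the one data connection that has to be allowed, instead of opening 49152-65535. The function names and the sample addresses are constructed, and it assumes no address translation between the two hosts.

```python
import re

# Active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" and the server connects back.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)
# Passive mode: the server answers PASV with "227 ... (h1,h2,h3,h4,p1,p2)" and the client connects.
PASV_RE = re.compile(r"^227\b.*?(\d{1,3}(?:,\d{1,3}){5})")


def decode_endpoint(csv):
    """Turn 'h1,h2,h3,h4,p1,p2' into (dotted_ip, port); port = p1*256 + p2."""
    nums = [int(n) for n in csv.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: " + csv)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def pinhole_for(line, sender, client_ip, server_ip):
    """Return the single data connection to allow for one control line, or None.

    sender is "client" or "server" (which side of the port-21 connection sent the line).
    """
    line = line.rstrip("\r\n")
    if sender == "client":
        m, mode, owner, initiator = PORT_RE.match(line), "active", client_ip, server_ip
    else:
        m, mode, owner, initiator = PASV_RE.match(line), "passive", server_ip, client_ip
    if not m:
        return None  # ordinary command or reply: no data channel negotiated
    host, port = decode_endpoint(m.group(1))
    if host != owner:
        return None  # design choice here: ignore endpoints on a third host
    return {"mode": mode, "src": initiator, "dst": host, "dport": port}


def demo():
    # Constructed control-channel lines; addresses are documentation ranges.
    client, server = "192.0.2.10", "198.51.100.5"
    session = [
        ("client", "USER anonymous\r\n"),
        ("client", "PORT 192,0,2,10,192,1\r\n"),
        ("server", "227 Entering Passive Mode (198,51,100,5,195,80)\r\n"),
        ("client", "PORT 203,0,113,9,0,22\r\n"),
    ]
    return [pinhole_for(text, who, client, server) for who, text in session]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The active-mode result shows the server dialing in to the client's ephemeral port, and the passive-mode result shows the client dialing out to the server's, which is why opening only ports 20 and 21 leaves `ls` and `get` hanging.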