From owner-freebsd-questions@FreeBSD.ORG Tue Apr 12 07:27:26 2005
From: "Chris Knipe"
Date: Tue, 12 Apr 2005 09:33:51 +0200
Subject: Re: weird problem with ipfw and ftp

You need tcp port 20 as well (ftp-data)

--
Chris.

"I love deadlines. I especially love the whooshing sound they make as they fly by..."
- Douglas Adams, 'Hitchhiker's Guide to the Galaxy'

----- Original Message -----
From: "Clement Twine"
Sent: Tuesday, April 12, 2005 9:19 AM
Subject: weird problem with ipfw and ftp

> hi freebsd users,
>
> i have a problem with users accessing my ftp service from the
> internet. everything was working well until i changed from
> Linux/shorewall to freebsd/ipfw as my firewall.
>
> my setup is briefly as follows:
>
> FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
>
> The linux rules were just two (and were working):
>
> allow tcp from any to 10.0.0.1 21
> allow tcp from 10.0.0.1 21 to any
>
> I have the following in ipfw but they have refused to work!
>
> ipfw add 00010 allow tcp from any to 10.0.0.1 21
> ipfw add 00011 allow tcp from 10.0.0.1 21 to any
>
>
> The problem is that an ftp session is established, but when the
> session enters passive mode, the ftp session hangs. Are there any
> other ports that need to be opened? Has anyone had such a problem
> before? I can see in the logs that unprivileged ports are
> responding from the ftp server to the requestor - but have tried
> all combinations of rules to no avail!
>
> Please help!
>
> Regards,
>
> Clem.
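
Added example, not part of either message above: a small Python model of the two posted rules, checking the control connection and the passive-mode data connection that a 227 reply sets up. The 227 reply, the client address 203.0.113.5, the default-deny behaviour and the passive range 49152-65535 are constructed assumptions, and the rule tuples are a simplification, not ipfw syntax.

```python
import re

# Constructed sample: reply to PASV in the RFC 959 form (h1,h2,h3,h4,p1,p2).
PASV_REPLY = "227 Entering Passive Mode (10,0,0,1,195,80)"
SERVER, CLIENT = "10.0.0.1", "203.0.113.5"   # client address is constructed

def parse_pasv(reply):
    """Return (ip, port) announced by a 227 reply; port = p1 * 256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("address or port field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def _port_ok(spec, port):
    return spec is None or spec[0] <= port <= spec[1]

def allowed(rules, src, sport, dst, dport):
    """Allow if any rule matches; otherwise deny (default-deny is assumed)."""
    return any(
        r_src in (None, src) and r_dst in (None, dst)
        and _port_ok(r_sp, sport) and _port_ok(r_dp, dport)
        for r_src, r_sp, r_dst, r_dp in rules
    )

# Simplified tuples (src, src_ports, dst, dst_ports); None means "any".
RULES_FROM_POST = [
    (None, None, SERVER, (21, 21)),    # allow tcp from any to 10.0.0.1 21
    (SERVER, (21, 21), None, None),    # allow tcp from 10.0.0.1 21 to any
]
# Assumption: the FTP daemon is pinned to this passive range.
PASSIVE = (49152, 65535)
RULES_WITH_PASSIVE = RULES_FROM_POST + [
    (None, None, SERVER, PASSIVE),     # client -> announced data port
    (SERVER, PASSIVE, None, None),     # data port -> client
]

def session(rules, reply=PASV_REPLY, client_port=40000):
    """Check control and passive data flows in both directions."""
    ip, data_port = parse_pasv(reply)
    return {
        "control": allowed(rules, CLIENT, client_port, SERVER, 21)
                   and allowed(rules, SERVER, 21, CLIENT, client_port),
        "data": allowed(rules, CLIENT, client_port + 1, ip, data_port)
                and allowed(rules, ip, data_port, CLIENT, client_port + 1),
    }
```

With the two posted rules `session(RULES_FROM_POST)` reports the control flow as allowed and the data flow as dropped, which matches the hang on entering passive mode. Port 20 is the server's source port for active-mode data connections; in passive mode the data port is the one announced in the 227 reply.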