Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Apr 2005 09:33:51 +0200
From:      "Chris Knipe" <savage@savage.za.org>
To:        <clem.twain@gmail.com>, <freebsd-questions@freebsd.org>
Subject:   Re: weird problem with ipfw and ftp
Message-ID:  <001001c53f31$f946c7c0$0a01a8c0@ops.cenergynetworks.com>
References:  <425B7682.9020705@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
You need tcp port 20 as well (ftp-data)



--
Chris.

I love deadlines. I especially love the whooshing sound they make as they 
fly by..." - Douglas Adams, 'Hitchhiker's Guide to the Galaxy'

----- Original Message ----- 
From: "Clement Twine" <e.byaru@gmail.com>
To: <freebsd-questions@freebsd.org>
Sent: Tuesday, April 12, 2005 9:19 AM
Subject: weird problem with ipfw and ftp


> hi freebsd users,
>
> i have a problem with users accessing my ftp service from the
> internet. everything was working well until i changed from
> Linux/shorewall to freebsd/ipfw as my firewall.
>
> my setup is briefly as follows:
>
> FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
>
> The linux rules were just two (and were working):
>
>     allow tcp from any to 10.0.0.1 21
>     allow tcp from 10.0.0.1 21 to any
>
> I have the following in ipfw but they have refused to work!
>
>     ipfw add 00010 allow tcp from any to 10.0.0.1 21
>     ipfw add 00011 allow tcp from 10.0.0.1 21 to any
>
>
> The problem is that an ftp session is established, but when the
> session enters passive mode, the ftp session hangs. Are there any
> other ports that need to be opened? Has anyone had such a problem
> before? I can see in the logs that unprivileged ports are
> responding from the ftp server to the requestor - but have tried
> all combinations of rules to no avail!
>
> Please help!
>
> Regards,
>
> Clem.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001001c53f31$f946c7c0$0a01a8c0>