Date:      Tue, 12 Apr 2005 01:52:30 -0600
From:      Ed Stover <estover@nativenerds.com>
To:        Clement Twine <e.byaru@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: weird problem with ipfw and ftp
Message-ID:  <1113292350.85522.11.camel@red.nativenerds.com>
In-Reply-To: <425B7342.2080307@gmail.com>
References:  <425B7342.2080307@gmail.com>

On Tue, 2005-04-12 at 09:05 +0200, Clement Twine wrote:
> Hi FreeBSD users,
> 
> I have a problem with users accessing my FTP service from the
> internet. Everything was working well until I changed from
> Linux/shorewall to FreeBSD/ipfw as my firewall.
> 
> My setup is briefly as follows:
> 
> FTP_Server (10.0.0.1) --- Firewall (IPFW) ----- INTERNET
> 
> The Linux rules were just two (and were working):
> 
> 	allow tcp from any to 10.0.0.1 21
> 	allow tcp from 10.0.0.1 21 to any
> 
> I have the following in ipfw but they have refused to work!
> 
> 	ipfw add 00010 allow tcp from any to 10.0.0.1 21
> 	ipfw add 00011 allow tcp from 10.0.0.1 21 to any
> 
> 
> The problem is that an ftp session is established, but when the
> session enters passive mode, the ftp session hangs. Are there any
> other ports that need to be opened? Has anyone had such a problem
> before? I can see in the logs that unprivileged ports are
> responding from the ftp server to the requestor - but have tried
> all combinations of rules to no avail!
> 
> Please help!
> 
> Regards,
> 
> Clem.
> 
> 
I usually do port forwarding from my natd.cf on my open type firewalls
and it works fine. 
#/etc/natd.cf
log             yes
deny_incoming   no
use_sockets     yes
same_ports      yes
verbose         no
port            8668
interface       xl1
unregistered_only       no
redirect_port          tcp 10.1.1.1:20 20
redirect_port          udp 10.1.1.1:20 20
redirect_port          tcp 10.1.1.1:21 21
redirect_port          udp 10.1.1.1:21 21
#EOF
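
Added example, not part of either poster's message: a simplified Python model of the two ipfw rules quoted in the question, checked against each leg of a passive-mode FTP session. The client address, the client ports and the 227 reply are constructed, and the matcher is an assumption that ignores ipfw state, NAT and rule ordering.

```python
import re
from ipaddress import ip_address

# The two rules from the original post, modelled as (src, sport, dst, dport).
# None means "any". Simplified model (assumption), not ipfw's own matcher.
RULES = [
    (None, None, "10.0.0.1", 21),   # allow tcp from any to 10.0.0.1 21
    ("10.0.0.1", 21, None, None),   # allow tcp from 10.0.0.1 21 to any
]

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    # The data port is sent as two bytes: high byte, then low byte.
    return str(ip_address("%d.%d.%d.%d" % (h1, h2, h3, h4))), p1 * 256 + p2

def allowed(src, sport, dst, dport, rules=RULES):
    """True if a packet matches any allow rule in the simplified model."""
    for r_src, r_sport, r_dst, r_dport in rules:
        if (r_src in (None, src) and r_sport in (None, sport)
                and r_dst in (None, dst) and r_dport in (None, dport)):
            return True
    return False

def check_session(pasv_reply, client="203.0.113.7", client_port=40000):
    """Report which legs of a passive FTP session the rules let through."""
    srv, data_port = parse_pasv(pasv_reply)
    data_src = client_port + 1  # hypothetical client port for the data socket
    return {
        "data_port": data_port,
        "control_in": allowed(client, client_port, srv, 21),
        "control_out": allowed(srv, 21, client, client_port),
        "data_in": allowed(client, data_src, srv, data_port),
        "data_out": allowed(srv, data_port, client, data_src),
    }

if __name__ == "__main__":
    # Constructed sample reply; 195 * 256 + 80 = 50000.
    print(check_session("227 Entering Passive Mode (10,0,0,1,195,80)"))
```

The control connection on port 21 matches both rules, while the data connection to the port announced in the 227 reply matches neither.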


