Date:      Tue, 9 Jan 2001 17:53:25 +0100 (MET)
From:      Pär Thoren <t98pth@student.hk-r.se>
To:        freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject:   IPFW and the FTP protocol
Message-ID:  <Pine.GSO.4.21.0101091727330.8915-100000@ogre.rby.hk-r.se>

Hi!


I have FreeBSD acting as a bridge with ipfw.
Everything is working fine except the FTP protocol.

I have the following two rules to allow ftp:

# FTP-DATA.
${ipfw} add pass tcp from any to any 20 in via ${oif}
# FTP.
${ipfw} add pass tcp from any to any 21 in via ${oif}


To my knowledge FTP uses the FTP port (default 21) and ftpport-1 for data
and the results of commands like 'ls'.

The problem.
I can log into an FTP server behind the firewall with no problem (port
21). But when I try to execute ls or another command it doesn't work.
Nothing happens.

I used the program tcpflow to monitor the tcpinfo when using
ftp when the firewall was open for all traffic. The result was:

(10.0.0.1 ftp client)
(192.168.1.1 ftp server behind firewall)

---------
10.0.0.1.01034-192.168.1.1.00021

USER admin
PASS ftppass
SYST
EPSV
LIST


---------
192.168.1.1.00021-10.0.0.1.01034

220 ftp.behind.firewall FTP server (Version 6.00LS) ready.
331 Password required for admin.
230 User admin logged in.
215 UNIX Type: L8 Version: BSD-199506
229 Entering Extended Passive Mode (|||49175|)
150 Opening ASCII mode data connection for '/bin/ls'.
226 Transfer complete.



--------
192.168.1.1.49175-10.0.0.1.01035

-rw-------  1 admin  wheel      3889 Jan  9 17:21 .bash_history
-rw-r--r--  1 admin  wheel       264 Aug 17 19:04 .bash_profile
-rw-r--r--  1 admin  wheel       628 Oct 19 12:51 .cshrc
-rw-------  1 admin  wheel      1882 Oct 25 14:03 .history
-rw-r--r--  1 admin  wheel       299 Oct 19 12:51 .login
-rw-r--r--  1 admin  wheel       160 Oct 19 12:51 .login_conf
-rw-------  1 admin  wheel       371 Oct 19 12:51 .mail_aliases


The connections over port 21 seem fine but the result of 'ls' isn't over
port 20.

Any ideas why?!

/Pär
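The capture above shows the server answering EPSV with "229 Entering Extended Passive Mode (|||49175|)" and the directory listing then arriving on a connection to port 49175, not port 20. The following is an added example, not code from the post or from FreeBSD: it parses EPSV (229) and PASV (227) replies out of a constructed control-channel transcript modelled on the capture, and checks each connection the session needs against a minimal model of the two "pass tcp from any to any <port> in" rules. The function names, the ALLOWED_DST_PORTS set and the sample reply lines are assumptions made for the example.

```python
import re

# Constructed server-side control-channel transcript, modelled on the tcpflow
# output in the post. The data port 49175 is the one the capture shows.
SERVER_REPLIES = [
    "220 ftp.behind.firewall FTP server (Version 6.00LS) ready.",
    "331 Password required for admin.",
    "230 User admin logged in.",
    "215 UNIX Type: L8 Version: BSD-199506",
    "229 Entering Extended Passive Mode (|||49175|)",
    "150 Opening ASCII mode data connection for '/bin/ls'.",
    "226 Transfer complete.",
]

# 229 EPSV reply: the port sits between the last two '|' characters (RFC 2428).
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")
# 227 PASV reply: six comma-separated numbers, the last two encode the port (RFC 959).
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def passive_data_ports(replies):
    """Return every data port the server announced via EPSV or PASV replies."""
    ports = []
    for line in replies:
        m = EPSV_RE.match(line)
        if m:
            ports.append(int(m.group(1)))
            continue
        m = PASV_RE.match(line)
        if m:
            hi, lo = int(m.group(5)), int(m.group(6))
            ports.append(hi * 256 + lo)  # PASV encodes the port as p1*256 + p2
    return ports


# Assumed model of the two ipfw rules from the post: inbound TCP is admitted
# only when the destination port is 20 (ftp-data) or 21 (ftp).
ALLOWED_DST_PORTS = {20, 21}


def inbound_allowed(dst_port, allowed=ALLOWED_DST_PORTS):
    """True when a new inbound TCP connection to dst_port matches the rule set."""
    return dst_port in allowed


def check_session(replies, allowed=ALLOWED_DST_PORTS):
    """Map each connection the FTP session needs to whether the rule set admits it.

    The control connection always targets port 21; every passive data
    connection targets the port the server announced in its 229/227 reply.
    """
    result = {"control:21": inbound_allowed(21, allowed)}
    for port in passive_data_ports(replies):
        result[f"data:{port}"] = inbound_allowed(port, allowed)
    return result


if __name__ == "__main__":
    for conn, ok in check_session(SERVER_REPLIES).items():
        print(f"{conn:12s} {'allowed' if ok else 'BLOCKED'}")
```

Run stand-alone it reports the control connection as allowed and the data connection to 49175 as blocked, which is exactly the symptom in the post: the login succeeds, the listing never arrives. Passing a different set to `check_session` (for example the server's configured passive port range) shows which rule change would admit the data connection; the port-20 rule only ever matters for active-mode transfers, where the server is the side opening the connection.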







