Date:      Tue, 30 Dec 2003 08:26:37 -0500
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "al vanyushenkov" <vanyushenkov@mail.ru>, <freebsd-ipfw@freebsd.org>
Subject:   RE: ftp access
Message-ID:  <MIEPLLIBMLEEABPDBIEGEEHHFCAA.fbsd_user@a1poweruser.com>
In-Reply-To: <E1AbG9L-000Esg-00.vanyushenkov-mail-ru@f12.mail.ru>

The FTP protocol has two modes, active and passive. In active mode
the remote FTP server will request an inbound connection for the
data connection and you have no rule to allow it in. In passive mode
the requesting FTP session issues the data connection which your
rules allow. To fix the problem and still keep your tight firewall,
all you have to do is tell the FTP client program you are using to
default to passive mode and then everything will work without any
changes to your ipfw rules.

-----Original Message-----
From: owner-freebsd-ipfw@freebsd.org
[mailto:owner-freebsd-ipfw@freebsd.org]On Behalf Of al vanyushenkov
Sent: Tuesday, December 30, 2003 4:27 AM
To: freebsd-ipfw@freebsd.org
Subject: ftp access

Hi all!

I use FreeBSD 4.8 with ipfw2

I have ipfw rules

...
check-state
...
allow udp from me to any 21 keep-state out via rl0
allow tcp from me to any 21 setup keep-state out via rl0
deny all from any to any

rl0 is my internet interface.

When I tried to use ftp I connected, ls successfully,
but when I tried to get or put files I got records in ipfw.log
deny tcp x.x.x.x:20 y.y.y.y:z

where x.x.x.x is remote ip address
y.y.y.y is my ip address

Does anybody know what rules I should add to allow tcp connections
from me and deny all connections from outside to me?

Thanks
vanyushenkov alexey
adm@ruskhleb.ru

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to
"freebsd-ipfw-unsubscribe@freebsd.org"
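
The active/passive difference discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the posted rules (check-state, setup, keep-state) run against constructed active- and passive-mode packet sequences. The addresses, port numbers and the extra rule in WITH_PASV are assumptions; the rules elided with "..." in the post are not modelled.

```python
# Simplified model of ipfw check-state / setup / keep-state (TCP only).
# Addresses and ports are constructed sample values, not from the thread.
ME, SERVER = "192.0.2.10", "198.51.100.5"

# Rules visible in the post; rules elided with "..." are not modelled.
POSTED = [
    ("check-state",),
    ("allow", (21,), "out"),  # allow tcp from me to any 21 setup keep-state out
    ("deny",),                # deny all from any to any
]
# Assumption: one extra outbound rule for the passive-mode data connection,
# "allow tcp from me to any 1024-65535 setup keep-state out via rl0".
WITH_PASV = POSTED[:2] + [("allow", range(1024, 65536), "out"), ("deny",)]

def ftp_session(mode):
    """Constructed packets: (direction, src, sport, dst, dport, setup)."""
    packets = [("out", ME, 40000, SERVER, 21, True),   # control connection SYN
               ("in", SERVER, 21, ME, 40000, False)]   # reply on the same flow
    if mode == "active":
        # Server opens the data connection from port 20 towards the client.
        packets.append(("in", SERVER, 20, ME, 40001, True))
    else:
        # Client opens the data connection to a high port the server named.
        packets.append(("out", ME, 40002, SERVER, 50000, True))
    return packets

def run(rules, packets):
    """Return one verdict per packet, keeping dynamic state between packets."""
    states, verdicts = set(), []
    for direction, src, sport, dst, dport, setup in packets:
        flow = frozenset([(src, sport), (dst, dport)])  # same key both ways
        verdict = "deny"                                # nothing matched
        for rule in rules:
            if rule[0] == "check-state" and flow in states:
                verdict = "allow"
                break
            if rule[0] == "allow":
                _, ports, rule_dir = rule
                # "from me ... setup ... out": new outbound connection only
                if direction == rule_dir and src == ME and setup and dport in ports:
                    states.add(flow)                    # keep-state
                    verdict = "allow"
                    break
            if rule[0] == "deny":
                break
        verdicts.append(verdict)
    return verdicts

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("with passive rule", WITH_PASV)):
        for mode in ("active", "passive"):
            print(name, mode, run(rules, ftp_session(mode)))
```

In this model the inbound connection from port 20 is denied under both rule sets, matching the ipfw.log entry in the post. With only the rules shown, the passive-mode data connection is denied as well, because it goes to a high port rather than 21; the assumed rule in WITH_PASV is what lets it out.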


