Date: Thu, 1 Jul 2004 09:53:41 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: User LAFFER1 <laffer1@adsl-68-76-19-75.dsl.klmzmi.ameritech.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: FTP server will not initiate DATA connection back to client
Message-ID: <20040701095341.7265c53a.wmoran@potentialtech.com>
In-Reply-To: <20040701092402.H11587@adsl-68-76-19-75.dsl.klmzmi.ameritech.net>
References: <BF7916625596914581732F223B113D33108E85@MELEXC01> <20040701092402.H11587@adsl-68-76-19-75.dsl.klmzmi.ameritech.net>
User LAFFER1 <laffer1@adsl-68-76-19-75.dsl.klmzmi.ameritech.net> wrote:

> Does it work with ipfw disabled? If so, then it seems reasonable that ipfw
> is causing the problem. One of the ftp modes (pasv or port) requires high
> level ports to be accessible on the server. I just started drinking
> coffee this morning, so I can't remember which one yet. :)

Drink faster man! ;)

Do these tests:
1) FTP active mode with firewall enabled
2) FTP active mode with firewall at allow all
3) FTP passive mode with firewall enabled

If 2 & 3 succeed and 1 doesn't ... then it's your firewall. Other
combinations indicate other problems which may be more complex.

FTP active mode requires that the server can make a connection _back_ to
the client. This fails over NAT boundaries and many different firewall
configs.

Passive mode causes the client to make a _second_ connection to the server
on a high, random port. This traverses NAT pretty well, but requires proper
rules in the server's packet filter to allow the connections to succeed.

I believe the man page on ftpd has more detail. The "random, high" ports
that can be used are configurable. I believe these two sysctls control it:

net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

> If I remember right, the default ftpd is influenced by hosts.allow and
> hosts.deny too.
>
> On Thu, 1 Jul 2004 freebsd@stateautomation.com wrote:
>
> > I am running FreeBSD 4.9 RELEASE running the standard ftpd. I can act as an
> > ftp client from the console OK, however when I try to ftp from a client PC
> > to the server running ftpd (which is running ipfw) the ftp server receives
> > the packet sent to port 21 and replies; however it will not initiate a DATA
> > connection back to the client from port 20. I had my client configured to
> > use ACTIVE FTP. I have also tried PASSIVE without any difference. I do not
> > have a firewall on the client and can successfully FTP to another FreeBSD
> > box.
> >
> > None of the rules on my firewall that deny packets coming back from the ftp
> > server's ipfw firewall are being hit. Does anyone have any ideas?
> >
> > Regards, J.S

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
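The two data-connection modes Bill describes above differ only in who dials whom, and both sides learn the address to dial from a six-number tuple carried on the control channel (the client's `PORT h1,h2,h3,h4,p1,p2` command in active mode, the server's `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply in passive mode, per RFC 959). The block below is an added example, not code from this thread or from FreeBSD's ftpd: it decodes both forms, checks a negotiated passive port against the `net.inet.ip.portrange.hifirst`/`hilast` values quoted in the mail, and emits the corresponding ipfw rules. The sample replies, the 192.0.2.x/198.51.100.x addresses and the assumption that ftpd draws its passive port from that sysctl range are constructed for illustration; the ipfw syntax (`me`, `setup`, a `lo-hi` port range) is the ipfw1 syntax of the FreeBSD 4.x era and should be checked against ipfw(8) on the actual host.

```python
"""
Decode the host/port that FTP negotiates for its data connection, so the
rules on an ftpd host can be checked against what the protocol actually
asks the firewall to permit.

Added example; not code from the mailing-list thread. Sample replies and
addresses are constructed.
"""
import re
from typing import List, Tuple

# FreeBSD's default "high" ephemeral range, as quoted in the thread. The
# example assumes passive-mode ftpd picks its data port from this range, so
# inbound SYNs to these ports must be admitted on the server.
HIFIRST = 49152
HILAST = 65535

_SIX = re.compile(
    r"\(?\s*(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*\)?"
)


def decode_hostport(text: str) -> Tuple[str, int]:
    """Decode RFC 959's h1,h2,h3,h4,p1,p2 form into (host, port)."""
    m = _SIX.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not usable")
    return host, port


def parse_pasv_reply(reply: str) -> Tuple[str, int]:
    """Parse a '227 Entering Passive Mode (...)' reply.

    The client then opens a *second* TCP connection to (host, port); that
    inbound SYN is what the server's packet filter has to allow.
    """
    if not reply.startswith("227"):
        raise ValueError("not a PASV (227) reply: %r" % reply)
    return decode_hostport(reply)


def parse_port_command(cmd: str) -> Tuple[str, int]:
    """Parse a client's 'PORT h1,h2,h3,h4,p1,p2' command.

    In active mode the *server* connects back (from port 20) to this
    address; that outbound SYN is what fails across NAT or a strict client
    firewall.
    """
    verb, _, rest = cmd.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command: %r" % cmd)
    return decode_hostport(rest)


def encode_port_command(host: str, port: int) -> str:
    """Build the PORT command a client sends for an active-mode transfer."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address %r" % host)
    if not 0 < port <= 65535:
        raise ValueError("bad port %d" % port)
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def passive_port_allowed(port: int, hifirst: int = HIFIRST, hilast: int = HILAST) -> bool:
    """True if a negotiated PASV data port lies inside the range the rules open.

    A port outside the permitted range is the classic symptom: the control
    connection on 21 works, but LIST/RETR hang waiting for the data socket.
    """
    return hifirst <= port <= hilast


def ipfw_passive_rules(hifirst: int = HIFIRST, hilast: int = HILAST) -> List[str]:
    """ipfw1-style rules (assumed FreeBSD 4.x syntax) admitting the control
    port and the passive data range on the server, returned as strings."""
    return [
        "add allow tcp from any to me 21 in setup",
        "add allow tcp from any to me %d-%d in setup" % (hifirst, hilast),
    ]


if __name__ == "__main__":
    # Constructed sample exchange, not captured from the thread's server.
    host, port = parse_pasv_reply("227 Entering Passive Mode (192,0,2,10,201,55)\r\n")
    print(host, port, passive_port_allowed(port))
    print(parse_port_command("PORT 198,51,100,7,4,1\r\n"))
    print(encode_port_command("198.51.100.7", 1025))
    print("\n".join("ipfw " + r for r in ipfw_passive_rules()))
```

Running it against a real server is a matter of capturing the `227` line from a verbose `ftp -v` session (or a tcpdump of port 21) and feeding it to `parse_pasv_reply`; if `passive_port_allowed` returns False for the port ftpd handed out, the sysctl range and the ipfw rules disagree and that, rather than ftpd, is what to fix. Note that ipfw rule numbering and ordering matter in practice, so these rule strings are a starting point, not a drop-in ruleset.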