Date: Fri, 3 Sep 2021 20:31:46 +0200
From: Christoph Harder <shadowomf@arcor.de>
To: Paul Procacci <pprocacci@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: ipfw and ftpd
Message-ID: <fc42c4cc-71cd-e907-4b39-51f74358b237@arcor.de>
In-Reply-To: <CAFbbPujm0M+Q9odo39rx7MPr9RtRXp6RkXD7o9gnEDrxWwZBhw@mail.gmail.com>
References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> <CAFbbPujm0M+Q9odo39rx7MPr9RtRXp6RkXD7o9gnEDrxWwZBhw@mail.gmail.com>

Hello Paul,

I tried both passive and active mode. Both didn't work.

Best regards,
Christoph

On 03.09.2021 at 19:13, Paul Procacci wrote:
> Try a different ftp mode.
>
> https://www.exavault.com/blog/active-vs-passive-ftp
>
> This page describes it pretty well. In short, there could be more than one
> connection being initiated from the client.
> Ensure the ftp client is set to use the one you prefer.
>
> ~Paul
>
> On Fri, Sep 3, 2021 at 1:05 PM Christoph Harder <shadowomf@arcor.de> wrote:
>
>> Hello everybody,
>>
>> I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw.
>> Currently I'm trying to get ftpd working for the local network, but when
>> ipfw is enabled it's not working.
>> It works without any problems when ipfw is not running. The client is a
>> FileZilla Client on a Windows machine in localnetwork0.
>>
>> My ipfw.rules file looks like below. I've removed the pass rules for other
>> services, but I didn't delete any of the deny rules.
>>
>>
>> /etc/ipfw.rules
>> #!/bin/sh
>>
>> # ipfw command
>> ii="/sbin/ipfw -q"
>>
>> # flush old
>> ${ii} -f flush
>> #${ii} pipe flush
>> #${ii} queue flush
>> #${ii} table all flush
>>
>> # local trusted networks
>> localnet0="10.55.0.0/16"
>>
>> # loopback adapter
>> ${ii} add pass all from any to any via lo0
>> ${ii} add deny log all from any to 127.0.0.0/8
>> ${ii} add deny log ip from 127.0.0.0/8 to any
>> ${ii} add deny log all from any to ::1
>> ${ii} add deny log all from ::1 to any
>>
>> # allow if matching entry in dynamic rule table
>> ${ii} add check-state log
>>
>> # allow local ftp traffic
>> ${ii} add pass log tcp from ${localnet0} to me 21 in setup keep-state
>> ${ii} add pass log tcp from me to ${localnet0} 20 out setup keep-state
>> ${ii} add pass log tcp from ${localnet0} to me 49152-65535 in setup keep-state
>>
>> # deny and log everything else, this should always be the last rule
>> ${ii} add deny log all from any to any
>>
>>
>> Strangely /var/log/security is only showing accept for the ftp connections
>> and no deny entries, still it's not working.
>> Did I mess anything up? Maybe the in/out/setup/check-state or keep-state
>> parts?
>>
>> Best regards,
>> Christoph
>>
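
The following is an added example, not part of the original thread: a simplified Python model of how ipfw's "from SRC [ports] to DST [ports]" matching applies to the three FTP rules quoted above, evaluated for the connection-opening packet of the control connection, an active-mode data connection and a passive-mode data connection. It assumes the server sources active-mode data connections from port 20, that its passive ports fall within 49152-65535, and constructed addresses (10.55.0.1 for the server, 10.55.0.50 for the client); the variant with port 20 on the source side is shown for comparison only.

```python
# Added example: simplified model of ipfw first-match evaluation for TCP
# "setup" (SYN) packets. Addresses and client ports are constructed samples.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCALNET0 = ip_network("10.55.0.0/16")  # localnet0 from the posted rules
ME = ip_address("10.55.0.1")            # assumed server address ("me" is modelled as one IP)

@dataclass
class Syn:
    src: str; sport: int; dst: str; dport: int; direction: str  # "in" or "out"

def side(spec, addr, port):
    """Match one 'ADDR [PORTS]' half of a rule; ports is (low, high) or None."""
    who, ports = spec
    a = ip_address(addr)
    addr_ok = (a == ME) if who == "me" else (a in LOCALNET0)
    return addr_ok and (ports is None or ports[0] <= port <= ports[1])

def evaluate(rules, pkt):
    """Return the label of the first matching rule, as ipfw's rule walk would."""
    for label, src, dst, direction in rules:
        if (direction == pkt.direction and side(src, pkt.src, pkt.sport)
                and side(dst, pkt.dst, pkt.dport)):
            return label
    return "deny"  # the final 'deny log all from any to any'

# (label, from, to, direction) for the three FTP rules as posted.
POSTED = [
    ("control", ("localnet0", None), ("me", (21, 21)), "in"),
    ("active", ("me", None), ("localnet0", (20, 20)), "out"),
    ("passive", ("localnet0", None), ("me", (49152, 65535)), "in"),
]
# Comparison variant with port 20 on the source side: 'from me 20 to ${localnet0}'.
VARIANT = [POSTED[0], ("active", ("me", (20, 20)), ("localnet0", None), "out"), POSTED[2]]

CLIENT = "10.55.0.50"  # constructed client address
FLOWS = {
    "control": Syn(CLIENT, 51000, str(ME), 21, "in"),
    "active data": Syn(str(ME), 20, CLIENT, 51001, "out"),     # server connects out
    "passive data": Syn(CLIENT, 51002, str(ME), 49500, "in"),  # client connects in
}

def verdicts(rules):
    """Map each sample flow to the rule label that decides it."""
    return {name: evaluate(rules, pkt) for name, pkt in FLOWS.items()}

if __name__ == "__main__":
    print("posted :", verdicts(POSTED))
    print("variant:", verdicts(VARIANT))
```

In this model the posted "out" rule matches only packets whose destination port is 20, so the server's active-mode data connection (source port 20, client-chosen destination port) falls through to the final deny rule, while the control and passive-mode flows are matched by their pass rules.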