From: "fbsd_user"
To: "al vanyushenkov"
Date: Tue, 30 Dec 2003 08:26:37 -0500
Subject: RE: ftp access
List-Id: IPFW Technical Discussions

The FTP protocol has two modes, active and passive. In active mode the remote FTP server will request an inbound connection for the data connection and you have no rule to allow it in. In passive mode the requesting FTP session issues the data connection which your rules allow.

To fix the problem and still keep your tight firewall, all you have to do is tell the FTP client program you are using to default to passive mode and then everything will work without any changes to your ipfw rules.

-----Original Message-----
From: owner-freebsd-ipfw@freebsd.org [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of al vanyushenkov
Sent: Tuesday, December 30, 2003 4:27 AM
To: freebsd-ipfw@freebsd.org
Subject: ftp access

Hi all!

I use FreeBSD 4.8 with ipfw2. I have ipfw rules:

...
check-state
...
allow udp from me to any 21 keep-state out via rl0
allow tcp from me to any 21 setup keep-state out via rl0
deny all from any to any

rl0 is my internet interface.

When I tried to use ftp I connected, ls successfully, but when I tried to get or put files I got records in ipfw.log:

deny tcp x.x.x.x:20 y.y.y.y:z

where x.x.x.x is the remote IP address
y.y.y.y is my IP address

Does anybody know what rules I should add to allow tcp connections from me and deny all connections from outside to me?

Thanks
vanyushenkov alexey
adm@ruskhleb.ru
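
Added example, not part of the original thread: a simplified Python model of ipfw check-state / keep-state matching, run over the rules quoted above for an active and a passive FTP session. The addresses and port numbers are constructed, and because the quoted rule set has elided lines, the outbound high-port rule (PASSIVE_RULE) is an assumption about what a passive data connection would need to match.

```python
# Simplified model of ipfw check-state / keep-state (no timeouts, no TCP flags:
# every packet that reaches a static rule is treated as a connection-opening SYN).
ME, SERVER = "192.0.2.10", "198.51.100.20"  # constructed documentation addresses

# Static rules in order: (action, proto, src, dst_ports, direction, keep_state)
RULES_ON_PAGE = [
    ("allow", "udp", "me", {21}, "out", True),
    ("allow", "tcp", "me", {21}, "out", True),
    ("deny", "all", "any", None, None, False),
]
# Assumption, not in the original post: an outbound rule for passive data ports.
PASSIVE_RULE = ("allow", "tcp", "me", range(1024, 65536), "out", True)
RULES_WITH_PASSIVE = RULES_ON_PAGE[:2] + [PASSIVE_RULE] + RULES_ON_PAGE[2:]

def matches(rule, pkt):
    _, proto, src, ports, direction, _ = rule
    p_proto, p_src, _, _, p_dport, p_dir = pkt
    return (proto in ("all", p_proto)
            and (src == "any" or p_src == ME)
            and (ports is None or p_dport in ports)
            and (direction is None or direction == p_dir))

def evaluate(rules, packets):
    """Return one verdict per packet, creating dynamic rules as keep-state does."""
    states, verdicts = set(), []
    for pkt in packets:
        proto, src, sport, dst, dport, _ = pkt
        flow = (proto, frozenset([(src, sport), (dst, dport)]))  # both directions
        if flow in states:                      # check-state hit
            verdicts.append("allow")
            continue
        rule = next(r for r in rules if matches(r, pkt))  # final deny always matches
        if rule[0] == "allow" and rule[5]:
            states.add(flow)                    # keep-state installs a dynamic rule
        verdicts.append(rule[0])
    return verdicts

# Packets: (proto, src, sport, dst, dport, direction on rl0)
CONTROL = [("tcp", ME, 40000, SERVER, 21, "out"), ("tcp", SERVER, 21, ME, 40000, "in")]
ACTIVE_DATA = [("tcp", SERVER, 20, ME, 40001, "in")]        # server connects back
PASSIVE_DATA = [("tcp", ME, 40002, SERVER, 50000, "out"),   # client connects out
                ("tcp", SERVER, 50000, ME, 40002, "in")]

if __name__ == "__main__":
    print("active :", evaluate(RULES_ON_PAGE, CONTROL + ACTIVE_DATA))
    print("passive:", evaluate(RULES_ON_PAGE, CONTROL + PASSIVE_DATA))
    print("passive + high-port rule:", evaluate(RULES_WITH_PASSIVE, CONTROL + PASSIVE_DATA))
```

The active-mode run reproduces the logged "deny tcp x.x.x.x:20 y.y.y.y:z": the server's data connection is a new inbound flow with no dynamic rule. The passive data connection is client-initiated, so an outbound keep-state rule can cover it without opening anything inbound.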