Date: Thu, 18 Jul 2002 22:16:23 -0700 From: Nick Sayer <nsayer@quack.kfu.com> To: "Tortise@Paradise" <tortise@paradise.net.nz> Cc: freebsd-stable@FreeBSD.ORG, Rich Morin <rdm@cfcl.com> Subject: Re: Enabling passive FTP on FreeBSD 4.5? Message-ID: <3D37A0A7.6070809@quack.kfu.com> References: <p05111b1db95cfe538574@[192.168.254.205]> <016701c22edb$fcc0e250$0600a8c0@P1200n>
next in thread | previous in thread | raw e-mail | index | archive | help
Tortise@Paradise wrote: > Yes I'd appreciate the answer to this, if there is one....or if it was > passed off list. > With thanks > David Hingston > > ----- Original Message ----- > From: "Rich Morin" <rdm@cfcl.com> > To: <freebsd-stable@freebsd.org> > Sent: Friday, July 19, 2002 11:27 AM > Subject: Enabling passive FTP on FreeBSD 4.5? > > > >>I have a user who wants to use passive-mode FTP to access files on my >>FreeBSD 4.5 system. Our firewall is set up to allow all outgoing packets >>and to allow incoming traffic on >> >> 20 TCP # FTP (data) >> 20 UDP # FTP " >> 21 TCP # FTP (control) >> 21 UDP # FTP " >> This is insufficient. Passive mode FTP requires incoming control connections and incoming data connections, but the data connections are addressed to *arbitrary* ports. If you're using the FreeBSD stock FTP server, however, I *believe* that you can count on the data ports to always be within the "high" portrange. See 'sysctl -a | grep portrange'. YMMV with other servers, however, all you need to do to change the default port range used for binding is to setsockopt IP_PORTRANGE to either IP_PORTRANGE_HIGH, IP_PORTRANGE_LOW (requires root) or IP_PORTRANGE_DEFAULT. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D37A0A7.6070809>