Date: Tue, 15 Nov 2005 05:48:14 -0600
From: Kevin Kinsey <kdk@daleco.biz>
To: "Robert H. Perry" <rperry@gti.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Inconsistency Running IPF Against FTPs
Message-ID: <4379CAFE.4070507@daleco.biz>
In-Reply-To: <43797093.5010206@gti.net>
References: <43797093.5010206@gti.net>

Robert H. Perry wrote:

> I'm running FreeBSD RELEASE 5.4 and recently installed IPF Firewall.
> I rarely download files using FTP but have little choice using
> portupgrade.
> Now, during an upgrade, I often see the error message, "No route to
> host..." while connecting with an FTP site. If I disable the IPF/IPNAT
> rules the problem no longer exists.
>
> I've followed installation instructions in the Handbook paying particular
> attention to the section on IPNAT rules. (I do not claim to entirely
> understand what I read however.) My immediate question however is how
> current are the instructions? There is a caveat immediately following
> the IPF Firewall Section title: "This section is work in progress. The
> contents might not be accurate at all times." If it is accurate and
> should resolve my FTP problems, I'll simply re-read it until I get it
> right.
>
> Any other hints are also appreciated.

This would probably fall under your "other hints" category.

Your firewall should be allowing extant connections to continue ---
IOW, showing stateful behavior. Some FTP data connections use
high-numbered ports, and it sounds as if these are being blocked by
your firewall. YMMV.

Note that setting FTP_PASSIVE_MODE in your environment might be
worth a shot.

I am sorry that I'm not an IPF user and can't give more detailed help.
Good luck with your issue.

Kevin Kinsey
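The point made in the reply above, as an added example that is not part of the original message: a simplified Python model of a stateful filter (not IPF's implementation) showing why an active-mode FTP data connection is dropped while a passive-mode one is tracked and allowed. The class, function names, addresses and port numbers are all constructed for illustration, and the policy (outbound connections create state, inbound packets need matching state) is an assumption.

```python
# Simplified model of a stateful packet filter (illustration only, not IPF).
# Assumed policy: outbound TCP connections are allowed and tracked;
# inbound packets pass only if they belong to a tracked connection.

CLIENT = "192.0.2.10"      # constructed addresses (documentation ranges)
SERVER = "198.51.100.20"


class StatefulFilter:
    def __init__(self, allowed_out_ports=None):
        # None means any destination port may be opened outbound.
        self.allowed_out_ports = allowed_out_ports
        self.state = set()

    def outbound_syn(self, src, sport, dst, dport):
        """Client opens a connection; record state if the rule set allows it."""
        if self.allowed_out_ports is not None and dport not in self.allowed_out_ports:
            return False
        self.state.add((src, sport, dst, dport))
        return True

    def inbound(self, src, sport, dst, dport):
        """Inbound packet passes only as the reverse of a tracked connection."""
        return (dst, dport, src, sport) in self.state


def ftp_transfer(fw, passive):
    """Return True if both the control and the data connection get through."""
    # Control connection: client high port -> server port 21.
    if not fw.outbound_syn(CLIENT, 40000, SERVER, 21):
        return False
    if not fw.inbound(SERVER, 21, CLIENT, 40000):
        return False
    if passive:
        # Passive: server names a high port, client connects outward to it.
        return (fw.outbound_syn(CLIENT, 40001, SERVER, 50123)
                and fw.inbound(SERVER, 50123, CLIENT, 40001))
    # Active: server connects from port 20 to a high port on the client.
    # No outbound packet created state for this tuple, so it is dropped.
    return fw.inbound(SERVER, 20, CLIENT, 40001)


if __name__ == "__main__":
    print("passive, any outbound port:", ftp_transfer(StatefulFilter(), True))
    print("active,  any outbound port:", ftp_transfer(StatefulFilter(), False))
    print("passive, outbound 21 only: ", ftp_transfer(StatefulFilter({21}), True))
```

The third case shows that passive mode only helps when the rule set also lets the client open outbound connections to high-numbered ports.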