On Wednesday 07 March 2001 09:04, you wrote:
> Please, why have I still not got an answer? Is my problem off topic?
>
> Thanks.
> Gilles
>
> -------- Original Message --------
> Subject: [Cooker-firewall] Two problems
> Date: Wed, 28 Feb 2001 11:24:03 +0100
> From: Trossevin Gilles <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
>
> First of all, excuse me for my poor English ;-)
>
> I'm currently testing cookfire because I need to put a firewall in place for a
> student classroom with 30 PCs (open all day) connected to the
> internet. For testing, I've put a cookfire PC between a LAN
> connection to the internet and 3 PCs with Windows 98 (192.168.1.XX) through
> a hub...
> 1: after 2 hours dhcpd died and I must restart it manually. For now I've
> disabled dhcpd and I set the IP configuration manually for my 3 PCs

There were several problems with the version of dhcpd included
in the betas, even in beta 4 (ISO creation problem).
We are aware of the problem and should correct it soon.

> 2: when I try an FTP connection and list a directory, I get a
> "blocking call cancelled" (I authorize ftp from inside to outside
> but not outside to inside), and ftp-data from outside to inside.

FTP is kind of a nightmare with ipchains ;-)

We support only passive mode (active mode is highly insecure), and 
even so we had troubles in our configuration.

The problem in passive mode is that you must allow all clients to open 
a connection on ports > 1024 (you don't know on which port clients 
bind, nor the port the server uses - there's no port 20 anymore in passive 
mode). That means you can't block office traffic on ports > 1024 when 
you want to allow ftp (that's what we have done in the CVS).

So you have to open all ports > 1024 for office traffic, and use your clients 
in passive mode.

Tell us if you still have problems or need more information.

Renaud
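
The passive-mode constraint described in the reply above, as an added example that is not part of the original message or of the cookfire code: a small Python model of a stateless, port-based filter. The rule tables, the PASV reply and the addresses are constructed for illustration.

```python
import re

# Constructed sample: a server's reply to the PASV command (RFC 959 format).
PASV_REPLY = "227 Entering Passive Mode (203,0,113,10,195,80)"

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply; port = p1 * 256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a PASV reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

# Hypothetical outbound rule tables: (dst_port_low, dst_port_high, verdict).
# A stateless filter sees only ports, not the FTP control dialogue.
STRICT = [(21, 21, "ACCEPT"), (0, 65535, "DENY")]
# Ports > 1024 opened, as the reply says is needed for passive FTP.
OPEN_HIGH = [(21, 21, "ACCEPT"), (1025, 65535, "ACCEPT"), (0, 65535, "DENY")]

def verdict(rules, dst_port):
    """First matching rule wins; default deny."""
    for lo, hi, v in rules:
        if lo <= dst_port <= hi:
            return v
    return "DENY"

def passive_session(rules, pasv_reply):
    """Verdicts for the control connection and the PASV data connection."""
    _, data_port = parse_pasv(pasv_reply)
    return {
        "control": verdict(rules, 21),
        "data_port": data_port,
        "data": verdict(rules, data_port),
    }

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("open-high", OPEN_HIGH)):
        print(name, passive_session(rules, PASV_REPLY))
    # Side effect of the open-high table: unrelated high-port traffic passes too.
    print("unrelated tcp/6667 with open-high:", verdict(OPEN_HIGH, 6667))
```

With the strict table the login on port 21 succeeds but the directory listing stalls, because the data connection goes to a server-chosen high port the filter cannot predict.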
