On Wednesday 18 April 2001 14:01, you wrote:
> On Tuesday 17 April 2001 14:14, you wrote:
> > Sounds like you need to use the passive mode in your FTP client (only one
> > TCP connection)
> >
> >>----- Original Message -----
> >> From: Phil Morden
> >>
> >> I've installed Proftpd on Cookfire RC1. I get connected to the server
> >> but never get a file list..it just waits then times out. I've followed
> >> the directions from the bastille-ftp readme. Can anyone help?
> >> Thanks.
>
> Actually ftp is really a problem with a 2.2 kernel (without connection
> tracking).
>
> You may look at two possibilities:
> - open tcp ports 21 (control) *and* 20 (data) in incoming traffic on the
> firewall to allow active ftp from the clients
Correction: you don't need to open tcp port 20 since the data connection
is initialized by the server (default policy for the out chain is accept).
If you add "ftp" to the list of incoming services (Restrict Access/Internet
Traffic), *active* ftp should work without any more configuration.
This opens the tcp port 21, allowing connection requests from clients.
> - open tcp port 21 and all high ports (> 1024) on the firewall to allow
> passive clients
This works too: add "ftp" and "1024:" (don't forget ' : ') to the list of
allowed incoming services in Restrict Access/Internet Traffic.
This way, passive ftp clients work (in passive mode, clients initialize the
data connection, on a high port negotiated with the server; thus, without
connection tracking, you're forced to allow all high ports...)
This opens tcp ports 21 and all ports above 1024 on the server.
Hope this helps, and thanks to Florin for his help in testing this :-)
Renaud
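
The two configurations described in the message above, as an added example that is not part of the original thread: a small Python model of a stateless input filter that shows which FTP mode completes with which list of allowed incoming services. It assumes only inbound connection requests are filtered and that the out chain accepts everything; the function names and the passive port 40000 are constructed for illustration.

```python
# Stateless input filter, as on a 2.2 kernel without connection tracking.
# Assumptions: only inbound connection requests (SYN) are filtered; the out
# chain accepts everything, and replies to server-initiated connections pass.
NAMED = {"ftp": 21}  # service name -> TCP port (control connection)

def parse_services(services):
    """Turn entries such as 'ftp' or '1024:' into (low, high) port ranges."""
    ranges = []
    for entry in services:
        if entry in NAMED:
            ranges.append((NAMED[entry], NAMED[entry]))
        elif ":" in entry:
            low, high = entry.split(":")
            ranges.append((int(low or 0), int(high or 65535)))
        else:
            ranges.append((int(entry), int(entry)))
    return ranges

def syn_allowed(ranges, dport):
    """True if an inbound connection request to dport is accepted."""
    return any(low <= dport <= high for low, high in ranges)

def ftp_session(services, mode, passive_port=40000):
    """Return (control_ok, data_ok) for a client outside the firewall."""
    ranges = parse_services(services)
    if not syn_allowed(ranges, 21):
        return (False, False)
    if mode == "active":
        # Server opens the data connection itself: outbound, so accepted.
        return (True, True)
    if mode == "passive":
        # Client opens the data connection to a high port on the server.
        return (True, syn_allowed(ranges, passive_port))
    raise ValueError("mode must be 'active' or 'passive'")

def exposed_ports(services):
    """Count the distinct TCP ports reachable from outside."""
    ports = set()
    for low, high in parse_services(services):
        ports.update(range(low, high + 1))
    return len(ports)

if __name__ == "__main__":
    for services in (["ftp"], ["ftp", "1024:"]):
        for mode in ("active", "passive"):
            print(services, mode, ftp_session(services, mode),
                  "exposed:", exposed_ports(services))
```

With "1024:" in the list, every service listening on a high port of the server becomes reachable from outside, not only the FTP data connections.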